or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

check-management.mdcheck-models.mdcli-interface.mdconfiguration.mdfinding-management.mdindex.mdlogging-utilities.mdprovider-framework.md

cli-interface.mddocs/

0
# CLI Interface and Main Entry Point
1


2
Prowler's command-line interface provides comprehensive cloud security scanning capabilities with support for multiple providers, extensive filtering options, compliance frameworks, and various output formats. The CLI serves as the primary entry point for security assessments and automated compliance auditing.
3


4
## Capabilities
5


6
### Main CLI Entry Point
7


8
Primary entry point that orchestrates the entire security scanning process, handling argument parsing, provider initialization, check execution, and output generation.
9


10
```python { .api }
11
def prowler():
12
    """
13
    Main CLI entry point that orchestrates the entire scanning process.
14
    
15
    Uses sys.argv for command-line argument parsing and coordinates:
16
    - Provider initialization and authentication
17
    - Check loading based on filters and compliance frameworks
18
    - Security check execution
19
    - Finding collection and processing
20
    - Output generation in multiple formats
21
    
22
    Returns:
23
    None (exits with appropriate status code)
24
    
25
    Raises:
26
    ProwlerException: On configuration or execution errors
27
    SystemExit: On argument parsing errors or completion
28
    """
29
```
30


31
### Argument Parser
32


33
Comprehensive argument parsing system supporting all provider types, filtering options, output formats, and compliance frameworks.
34


35
```python { .api }
36
class ProwlerArgumentParser:
37
    """
38
    Main argument parser class handling all CLI options.
39
    
40
    Supports provider-specific arguments, filtering options,
41
    output configuration, and compliance framework selection.
42
    """
43
    
44
    def __init__(self):
45
        """
46
        Initialize the parser with all provider and option parsers.
47
        
48
        Sets up argument groups for:
49
        - Provider selection and authentication
50
        - Check and service filtering
51
        - Output format and destination
52
        - Compliance framework selection
53
        - Logging and debugging options
54
        """
55
    
56
    def parse(self, args: list = None) -> argparse.Namespace:
57
        """
58
        Parse arguments and perform validation.
59
        
60
        Parameters:
61
        - args: Optional list of arguments (defaults to sys.argv)
62
        
63
        Returns:
64
        Parsed arguments namespace with validated options
65
        
66
        Raises:
67
        SystemExit: On parsing errors or help requests
68
        """
69
```
70


71
### Banner Display
72


73
Prowler banner display functionality for CLI branding and visual identification.
74


75
```python { .api }
76
def print_banner(legend: bool = False):
77
    """
78
    Print the Prowler banner with optional color legend.
79
    
80
    Parameters:
81
    - legend: Whether to include color legend for output interpretation
82
    
83
    Returns:
84
    None (prints to stdout)
85
    """
86
```
87


88
## Usage Examples
89


90
### Basic Provider Scanning
91


92
```python
93
from prowler.__main__ import prowler
94
import sys
95


96
# Scan AWS account with default checks
97
sys.argv = ['prowler', 'aws']
98
prowler()
99


100
# Scan specific Azure region
101
sys.argv = ['prowler', 'azure', '--region', 'eastus']
102
prowler()
103


104
# Scan GCP project
105
sys.argv = ['prowler', 'gcp', '--project-id', 'my-project']
106
prowler()
107
```
108


109
### Filtering and Compliance
110


111
```python
112
import sys
113
from prowler.__main__ import prowler
114


115
# Run specific compliance framework
116
sys.argv = ['prowler', 'aws', '--compliance', 'cis_1.5_aws']
117
prowler()
118


119
# Run specific checks only
120
sys.argv = ['prowler', 'aws', '--check', 'iam_user_mfa_enabled', 'ec2_instance_public_ip']
121
prowler()
122


123
# Exclude services
124
sys.argv = ['prowler', 'azure', '--excluded-services', 'storage', 'network']
125
prowler()
126


127
# Filter by region
128
sys.argv = ['prowler', 'aws', '--region', 'us-east-1', 'us-west-2']
129
prowler()
130
```
131


132
### Output Configuration
133


134
```python
135
import sys
136
from prowler.__main__ import prowler
137


138
# Generate multiple output formats
139
sys.argv = [
140
    'prowler', 'aws',
141
    '--output-formats', 'json', 'csv', 'html',
142
    '--output-directory', '/tmp/prowler-results'
143
]
144
prowler()
145


146
# Generate ASFF output for AWS Security Hub
147
sys.argv = ['prowler', 'aws', '--output-formats', 'asff']
148
prowler()
149


150
# Generate OCSF output
151
sys.argv = ['prowler', 'gcp', '--output-formats', 'ocsf']
152
prowler()
153
```
154


155
### Advanced Configuration
156


157
```python
158
import sys
159
from prowler.__main__ import prowler
160


161
# Custom checks directory
162
sys.argv = [
163
    'prowler', 'aws',
164
    '--custom-checks-folder', '/path/to/custom/checks'
165
]
166
prowler()
167


168
# Mute specific findings
169
sys.argv = [
170
    'prowler', 'azure',
171
    '--mutelist-file', '/path/to/mutelist.yaml'
172
]
173
prowler()
174


175
# Parallel execution
176
sys.argv = [
177
    'prowler', 'aws',
178
    '--parallel',
179
    '--processes', '4'
180
]
181
prowler()
182


183
# Quiet mode with specific log level
184
sys.argv = [
185
    'prowler', 'gcp',
186
    '--quiet',
187
    '--log-level', 'ERROR',
188
    '--log-file', '/var/log/prowler.log'
189
]
190
prowler()
191
```
192


193
## CLI Command Structure
194


195
The Prowler CLI follows this general structure:
196


197
```bash
198
prowler <provider> [provider-options] [global-options]
199
```
200


201
### Supported Providers
202
- `aws` - Amazon Web Services
203
- `azure` - Microsoft Azure
204
- `gcp` - Google Cloud Platform  
205
- `kubernetes` - Kubernetes clusters
206
- `github` - GitHub organizations and repositories
207
- `m365` - Microsoft 365 environments
208


209
### Global Options
210
- `--check` - Specific checks to run
211
- `--excluded-checks` - Checks to exclude
212
- `--service` - Services to include
213
- `--excluded-services` - Services to exclude
214
- `--compliance` - Compliance frameworks to apply
215
- `--region` - Regions to scan
216
- `--output-formats` - Output formats (json, csv, html, asff, ocsf)
217
- `--output-directory` - Output directory path
218
- `--quiet` - Suppress banner and progress output
219
- `--log-level` - Logging level
220
- `--parallel` - Enable parallel execution
221
- `--mutelist-file` - Path to findings mute list
222


223
Provider-specific options vary based on the selected provider and include authentication methods, resource filtering, and platform-specific configuration options.