Thanks for your interest in contributing to Prowler! Prowler can be extended in various ways. This guide provides the different ways to contribute and how to get started.

Contributing to Prowler

Review Current Issues

Check out our GitHub Issues page for ideas to contribute.

Expand Prowler’s Capabilities

Prowler is constantly evolving. Contributions to checks, services, or integrations help improve the tool for everyone. Here is how to get involved:

Improve Documentation

Help make Prowler more accessible by enhancing our documentation, fixing typos, or adding examples/tutorials.

Bug Fixes

If you find any issues or bugs, you can report them on the GitHub Issues page and, if you want, fix them yourself. Remember, our community is here to help! If you need guidance, do not hesitate to ask questions in the issues or join our Slack workspace.

Setting up your development environment

Prerequisites

Before proceeding, ensure the following:
  • Git is installed.
  • Python 3.9 or higher is installed.
  • poetry is installed to manage dependencies.

Forking the Prowler Repository

Fork the Prowler GitHub repository to contribute to Prowler. This allows proposing changes, submitting new features, and fixing bugs. For guidance on forking, refer to the official GitHub documentation.

Cloning Your Forked Repository

Once your fork is created, clone it using the following commands (replace <your-github-user> with your GitHub username):
git clone https://github.com/<your-github-user>/prowler
cd prowler

Dependency Management and Environment Isolation

To prevent conflicts between environments, we recommend using poetry, a Python dependency management solution. Install it by following the instructions.

Installing Dependencies

To install all required dependencies, including those needed for development, run:
poetry install --with dev
eval $(poetry env activate)
Starting from Poetry v2.0.0, poetry shell has been deprecated in favor of poetry env activate. If your poetry version is below 2.0.0 you must keep using poetry shell to activate your environment. In case you have any doubts, consult the Poetry environment activation guide.

Pre-Commit Hooks

This repository uses Git pre-commit hooks managed by the pre-commit tool, which is installed with poetry install --with dev. Next, run the following command in the root of this repository:
pre-commit install
Successful installation should produce the following output:
pre-commit installed at .git/hooks/pre-commit
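
The setup steps above can be verified with a short preflight script. This is an added example, not part of the Prowler repository: the function names, the python3 binary name and the --check argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: preflight for the setup steps above (not a Prowler script).

# version_ge A B: succeed when dotted version A >= B (first three fields).
version_ge() {
    # Drop suffixes such as "rc1", then pad so every version has three fields.
    va=$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0
    vb=$(printf '%s' "$2" | sed 's/[^0-9.].*$//').0.0
    for i in 1 2 3; do
        fa=$(printf '%s' "$va" | cut -d. -f"$i"); fa=${fa:-0}
        fb=$(printf '%s' "$vb" | cut -d. -f"$i"); fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Prerequisite from the guide: Python 3.9 or higher.
python_supported() { version_ge "$1" 3.9; }

# Poetry >= 2.0.0 activates with `poetry env activate`; older uses `poetry shell`.
poetry_activate_cmd() {
    if version_ge "$1" 2.0.0; then
        printf '%s\n' 'eval $(poetry env activate)'
    else
        printf '%s\n' 'poetry shell'
    fi
}

# `pre-commit install` writes the hook to .git/hooks/pre-commit.
hook_installed() { [ -f "$1/.git/hooks/pre-commit" ]; }

preflight() {
    repo=${1:-.}; status=0
    for tool in git python3 poetry; do   # python3 as the binary name is an assumption
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool"; return 1; }
    done
    py=$(python3 -c 'import platform; print(platform.python_version())')
    python_supported "$py" || { echo "Python $py is below 3.9"; status=1; }
    pv=$(poetry --version | sed 's/[^0-9]*\([0-9][0-9.]*\).*/\1/')
    echo "activate with: $(poetry_activate_cmd "$pv")"
    hook_installed "$repo" || { echo "hook missing: run pre-commit install"; status=1; }
    return "$status"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight "${2:-.}"; fi
```

Run it with --check from the root of the cloned fork; a non-zero exit status means a prerequisite or the pre-commit hook is missing.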

Code Quality and Security Checks

Before merging pull requests, several automated checks and utilities ensure code security and updated dependencies:
These should already be installed if poetry install --with dev has been run.
Additionally, ensure the latest version of TruffleHog is installed to scan for sensitive data in the code. Follow the official installation guide for setup.

AI-Driven Contributions

If you are using AI assistants to help with your contributions, Prowler provides specialized resources to enhance AI-driven development:
  • Prowler MCP Server: The Prowler MCP Server provides AI assistants with access to the entire Prowler ecosystem, including security checks, compliance frameworks, documentation, and more. This enables AI tools to better understand Prowler’s architecture and help you create contributions that align with project standards.
  • AGENTS.md Files: Each component of the Prowler monorepo includes an AGENTS.md file that contains specific guidelines for AI agents working on that component. These files provide context about project structure, coding standards, and best practices. When working on a specific component, refer to the relevant AGENTS.md file (e.g., prowler/AGENTS.md, ui/AGENTS.md, api/AGENTS.md) to ensure your AI assistant follows the appropriate guidelines.
These resources help ensure that AI-assisted contributions maintain consistency with Prowler’s codebase and development practices.

Dependency Management

All dependencies are listed in the pyproject.toml file. For proper code documentation, refer to the following and follow the code documentation practices presented there: Google Python Style Guide - Comments and Docstrings.
If you encounter issues when committing to the Prowler repository, use the --no-verify flag with the git commit command, which bypasses the pre-commit hooks.

Repository Folder Structure

The Prowler codebase layout helps quickly locate where to add new features, checks, or integrations. The following is a high-level overview from the root of the repository:
prowler/
├── prowler/           # Main source code for Prowler SDK (CLI, providers, services, checks, compliances, config, etc.)
├── api/               # API server and related code
├── dashboard/         # Local Dashboard extracted from the CLI output
├── ui/                # Web UI components
├── util/              # Utility scripts and helpers
├── tests/             # Prowler SDK test suite
├── docs/              # Documentation, including this guide
├── examples/          # Example output formats for providers and scripts
├── permissions/       # Permission-related files and policies
├── contrib/           # Community-contributed scripts or modules
├── kubernetes/        # Kubernetes deployment files
├── .github/           # GitHub-related files (workflows, issue templates, etc.)
├── pyproject.toml     # Python project configuration (Poetry)
├── poetry.lock        # Poetry lock file
├── README.md          # Project overview and getting started
├── Makefile           # Common development commands
├── Dockerfile         # SDK Docker container
├── docker-compose.yml # Prowler App Docker compose
└── ...                # Other supporting files

Sending the Pull Request

When creating or reviewing a pull request in Prowler, follow this template and fill it with the relevant information:
  • Context and Description of the change: This will help the reviewers to understand the change and the purpose of the pull request.
  • Steps to review: A detailed description of how to review the change.
  • Checklist: A mandatory checklist of the things that should be reviewed before merging the pull request.

Contribution Appreciation

If you enjoy swag, we’d love to thank you for your contribution with laptop stickers or other Prowler merchandise! To request swag: Share your pull request details in our Slack workspace. You can also reach out to Toni de la Fuente on Twitter—his DMs are open!

Testing a Pull Request from a Specific Branch

To test Prowler from a specific branch (for example, to try out changes from a pull request before it is merged), you can use pipx to install directly from GitHub:
pipx install "git+https://github.com/prowler-cloud/prowler.git@branch-name"
Replace branch-name with the name of the branch you want to test. This will install Prowler in an isolated environment, allowing you to try out the changes safely. For more details on testing go to the Testing section of this documentation.