Scanning a Specific GCP Organization

By default, Prowler scans all Google Cloud projects accessible to the authenticated user.

To limit the scan to projects within a specific Google Cloud organization, use the --organization-id option with the GCP organization’s ID:

prowler gcp --organization-id organization-id

Warning

Ensure the credentials used have one of the following roles at the organization level: Cloud Asset Viewer (roles/cloudasset.viewer), or Cloud Asset Owner (roles/cloudasset.owner).

Note

With this option, Prowler retrieves all projects under the specified Google Cloud organization, including those organized within folders and nested subfolders. This ensures full visibility across the entire organization’s hierarchy.

Note

To obtain the Google Cloud organization ID, use:

gcloud organizations list