Skip to main content

Documentation Index

Fetch the complete documentation index at: https://prowler-prowler-1359-docs-improve-developer-documentation-f.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Prowler secures itself with Prowler. As an open-source cloud security platform trusted by thousands of organizations, Prowler applies the same rigorous security standards internally that customers achieve externally. All security tooling, configurations, and CI/CD pipelines are publicly available in the Prowler GitHub repository. Transparency is fundamental to open-source security.

Software Security

All Prowler code goes through the same security pipeline, whether running on Prowler Cloud or self-managed infrastructure: DAST, SAST, SCA, container scanning, and secrets detection on every build.

Software Security

Security tools and practices applied to all Prowler code.

Prowler Cloud vs Self-Managed

Prowler CloudSelf-Managed
DeploymentFully managed SaaSOwn infrastructure
RegionEU (Ireland)Any region or provider
ComplianceSOC 2 Type II, AWS FTROrganization responsibility
Data ControlProwler managedFull control
EncryptionAES-256 at rest, TLS 1.2+ in transitConfigurable
BackupsAutomatedOrganization responsibility
UpdatesAutomaticManual
Self-Managed includes Prowler App and Prowler CLI. They can run anywhere — any cloud provider, any region, on-premises, or air-gapped environments. Full control over data residency and infrastructure decisions. See the Prowler App Installation Guide to get started.

Prowler Cloud

This section covers security and compliance for Prowler Cloud, the managed infrastructure.

Trust & Compliance

Prowler Cloud holds compliance certifications and undergoes regular audits.
CertificationStatus
SOC 2 Type IIView on Trust Portal
AWS Foundational Technical Review (FTR)Passed — Details
Compliance data and reports: trust.prowler.com

Security

Encryption

Data encrypted at rest (AES-256) and in transit (TLS 1.2+).

Data Regions

EU-hosted infrastructure with high availability and disaster recovery.

Networking

Static egress IPs for firewall allowlisting.

Privacy

Prowler Cloud is GDPR compliant in regard to the “right to be forgotten”. When an account is deleted, user information is removed from online and backup systems within 10 calendar days.

Report a Vulnerability

Found a security issue? Report it through the responsible disclosure process.

Contact

For security inquiries or general support, visit the Support page.