Skip to main content

Documentation Index

Fetch the complete documentation index at: https://prowler-prowler-1359-docs-improve-developer-documentation-f.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Prowler’s Image provider enables container image security scanning using Trivy. No authentication is required for public images. Prowler supports the following authentication methods for private registries: Prowler uses the first available method in this priority order.

Basic Authentication (Environment Variables)

To authenticate with a username and password, set the REGISTRY_USERNAME and REGISTRY_PASSWORD environment variables. Prowler passes these credentials to Trivy, which handles authentication with the registry transparently: 
export REGISTRY_USERNAME="myuser"
export REGISTRY_PASSWORD="mypassword"

prowler image -I myregistry.io/myapp:v1.0
Both variables must be set for this method to activate.

Token-Based Authentication

To authenticate using a registry token (such as a bearer or OAuth2 token), set the REGISTRY_TOKEN environment variable. Prowler passes the token directly to Trivy: 
export REGISTRY_TOKEN="my-registry-token"

prowler image -I myregistry.io/myapp:v1.0
This method is useful for registries that support token-based access without requiring a username and password.

Manual Docker Login (Fallback)

If no environment variables are set, Prowler relies on existing credentials in Docker’s credential store (~/.docker/config.json). To configure credentials manually before scanning: 
docker login myregistry.io

prowler image -I myregistry.io/myapp:v1.0
This method is available in Prowler CLI only. In Prowler Cloud, use basic authentication or token-based authentication instead.