LinuxCommandLibrary

prowler-gcp

Audit GCP security configurations

TLDR

Run the default set of checks on every project the Application Default Credentials can list

$ prowler gcp

Authenticate with a service account key file instead of Application Default Credentials

$ prowler gcp --credentials-file [path/to/credentials.json]

Scan specific projects by ID (space-separated; Prowler 4.x spells the flag `--project-id`)

$ prowler gcp --project-ids [project_id1 project_id2 ...]

Run only the checks of selected services

$ prowler gcp [[-s|--services]] [iam compute ...]

Run specific checks by ID (list them with `prowler gcp --list-checks`; IDs carry no `gcp_` prefix)

$ prowler gcp [[-c|--checks]] [check_id1 check_id2 ...]

Exclude specific checks and services from a run

$ prowler gcp [[-e|--excluded-checks]] [check_id ...] --excluded-services [iam compute ...]

Run the checks mapped to a compliance framework (list frameworks with `prowler gcp --list-compliance`)

$ prowler gcp --compliance [cis_2.0_gcp]

SYNOPSIS

prowler gcp [options]
Note: there is no separate prowler-gcp program. `gcp` is the provider subcommand of `prowler` (alongside `aws`, `azure` and `kubernetes`), and the options below are the ones that subcommand accepts; an environment that offers a `prowler-gcp` name has aliased it to `prowler gcp`.

PARAMETERS

--credentials-file <path>
    Path to a service account key file to use instead of Application Default Credentials.

--project-ids <project_id ...>
    Space-separated list of project IDs to scan; without it Prowler scans every project the credentials can list. Prowler 4.x renames the flag `--project-id` and adds `--excluded-project-id` and `--list-project-id`.

-c, --checks <check_id ...>
    Run only the named checks (e.g. `cloudstorage_bucket_public_access`). Check IDs carry no provider prefix; `--list-checks` prints the current set. The singular `--check` is accepted as an alias.

-s, --services <service ...>
    Run only the checks of the named services (e.g. `iam`, `compute`, `cloudstorage`); `--list-services` prints them. `--service` is accepted as an alias.

--compliance <framework ...>
    Run the checks mapped to one or more compliance frameworks (e.g. `cis_2.0_gcp`); `--list-compliance` prints the IDs your version ships. `-c`, `-s` and `--compliance` select what runs and are mutually exclusive; the options below filter on top of that selection.

-e, --excluded-checks <check_id ...>
    Skip the named checks (`--excluded-check` is an alias).

--excluded-services <service ...>
    Skip every check of the named services (`--excluded-service` is an alias).

--severity <level ...>
    Run only checks of the given severities: `critical`, `high`, `medium`, `low`, `informational`.

-M, --output-modes <mode ...>
    Report formats to write, e.g. `csv`, `json`, `html`. Prowler 4.x renames the flag `--output-formats` and replaces the native `json` format with OCSF (`json-ocsf`).

-F, --output-filename <name>
    Base name for the report files; each format's extension is appended.

-o, --output-directory <dir>
    Directory the reports are written to.

--list-checks
    Print the checks available for GCP and exit. `--list-services` and `--list-compliance` do the same for services and compliance frameworks.

-b, --no-banner
    Suppress the startup banner; useful in CI logs.

--verbose
    Print each finding to the console as the scan runs instead of only the final summary.

DESCRIPTION

prowler-gcp is the name this page gives to `prowler gcp`, the Google Cloud Platform mode of the open-source Prowler tool; there is no separate binary. In that mode Prowler performs security assessments, audits, incident response support and hardening reviews of GCP environments by enumerating resources through the Google Cloud APIs and evaluating each one against a catalogue of checks mapped to best practices and compliance standards, with the CIS Google Cloud Platform Benchmark at the core and, depending on the Prowler version, frameworks such as ISO 27001 and PCI DSS (`--list-compliance` prints what your version ships). The findings are configuration-level: public buckets, overly permissive IAM bindings, firewall rules open to the Internet, missing logging or key rotation, and similar deviations from a hardened baseline. Prowler does not scan workloads for software vulnerabilities, so a clean report is not a vulnerability assessment and should be paired with one. Each finding carries a status, a severity, the affected resource and project, and remediation guidance, which makes the output suitable for ticketing and for continuous posture monitoring across projects and organisations.

CAVEATS

  • Permissions: the identity Prowler runs as needs the Viewer role (`roles/viewer`) on every project in scope, and the API of each service being assessed must be enabled in that project. Checks that hit a disabled API or a missing permission report errors rather than findings, so a thin report is the symptom of a permissions problem, not a clean bill of health.
  • Installation: `prowler-gcp` is not a Linux command. Install Prowler (for example `pip install prowler`) and invoke it as `prowler gcp`; if your environment has a `prowler-gcp` name, it is a local alias or wrapper around that invocation.
  • API quotas: Prowler issues many read-only list and get calls per project. Those calls are generally not billed, but a large organisation can run into per-project API quotas; narrow the scope with `-s` or `--project-ids`, or scan projects in batches.
  • False positives and negatives: the checks encode generic baselines. Validate findings against the environment's own threat model before acting on them, and do not treat a PASS as proof that a control is sufficient.

AUTHENTICATION

Prowler for GCP authenticates through Google Cloud's Application Default Credentials (ADC). Unless `--credentials-file` points it at a service account key, it uses whatever ADC resolves: the file named by `GOOGLE_APPLICATION_CREDENTIALS`, failing that the credentials stored by `gcloud auth application-default login`, and failing that the service account attached to the Compute Engine instance, obtained from the metadata server. Check which identity that is before scanning: user ADC runs the audit as you, with every project you can see, and a key file on disk is a long-lived secret that should be kept at mode 0600 and replaced by an attached or impersonated service account where possible.
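
To see which identity a scan will run as before launching it, the following pre-flight script is added here as an example; it is not Prowler's or google-auth's code. It mirrors the documented ADC lookup order (the `GOOGLE_APPLICATION_CREDENTIALS` variable, then the gcloud ADC file under `~/.config/gcloud/`, then the attached service account) without contacting the metadata server, so it runs offline, and it flags the two things that most often go wrong: a key file readable by other users, and a long-lived key where an attached service account would do. The function names and the service account key file it writes are constructed for the example.

```python
"""Pre-flight: report which identity Application Default Credentials will
hand to `prowler gcp` before the scan runs.

Added example, not Prowler's or google-auth's code. It follows the documented
ADC precedence (GOOGLE_APPLICATION_CREDENTIALS, then the gcloud ADC file, then
the metadata server) but never calls the metadata server, so it works offline.
The fixture key file is constructed and contains no real private key.
"""
import json
import os
import stat
import tempfile
from pathlib import Path

# Where `gcloud auth application-default login` stores user credentials on Linux.
GCLOUD_ADC = Path(".config") / "gcloud" / "application_default_credentials.json"


def resolve_adc(env, home):
    """Return (source, path) in ADC precedence order; path is None when the
    only remaining source is the instance metadata server."""
    explicit = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if explicit:
        return "GOOGLE_APPLICATION_CREDENTIALS", Path(explicit)
    adc_file = Path(home) / GCLOUD_ADC
    if adc_file.is_file():
        return "gcloud auth application-default login", adc_file
    return "metadata server (attached service account)", None


def describe_credential(path):
    """Summarise a credential JSON file and flag risky properties."""
    path = Path(path)
    data = json.loads(path.read_text())
    kind = data.get("type")
    info = {"type": kind, "identity": None, "project_id": None, "warnings": []}
    if kind == "service_account":
        info["identity"] = data.get("client_email")
        info["project_id"] = data.get("project_id")
        info["warnings"].append("long-lived service-account key on disk; prefer "
                                "impersonation or an attached service account")
    elif kind == "authorized_user":
        info["identity"] = "gcloud user credentials (client_id %s)" % data.get("client_id")
        info["project_id"] = data.get("quota_project_id")
    else:
        info["warnings"].append("unrecognised credential type %r" % kind)
    # A key readable by group/others is a secret shared with every local account.
    if path.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH):
        info["warnings"].append("credential file is readable by group/others; chmod 600 it")
    return info


def preflight(env, home):
    """Combine resolution and inspection into one report dict."""
    source, path = resolve_adc(env, home)
    report = {"source": source, "path": str(path) if path else None}
    if path is not None:
        if path.is_file():
            report.update(describe_credential(path))
        else:
            report["warnings"] = ["%s points at a missing file" % source]
    return report


def write_fake_service_account_key(directory, mode=0o600):
    """Constructed fixture: a service-account key file with a dummy private key."""
    key = {
        "type": "service_account",
        "project_id": "sec-audit-tooling",
        "private_key_id": "0000",
        "private_key": "-----BEGIN PRIVATE KEY-----\nNOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n",
        "client_email": "prowler-reader@sec-audit-tooling.iam.gserviceaccount.com",
        "client_id": "0",
    }
    path = Path(directory) / "sa.json"
    path.write_text(json.dumps(key))
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        key = write_fake_service_account_key(tmp, mode=0o644)   # deliberately too open
        print(preflight({"GOOGLE_APPLICATION_CREDENTIALS": str(key)}, home=tmp))
        print(preflight({}, home=tmp))   # no variable, no gcloud file: metadata server
    # on a real host: print(preflight(os.environ, Path.home()))
```

Run it with `preflight(os.environ, Path.home())` on the machine that will execute the scan; if the source turns out to be your own gcloud login rather than the audit service account, fix the environment before Prowler enumerates every project you happen to have access to.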

EXTENSIBILITY

Prowler is extensible at the check level. A check is a Python class with an `execute` method plus a JSON metadata file (`<check_id>.metadata.json`) that carries its severity, description and remediation text; custom checks placed in a directory and passed with `-x`/`--checks-folder` are loaded alongside the built-in ones, so an organisation can encode its own policies, naming rules or internal compliance requirements without forking the project.

HISTORY

Prowler was created by Toni de la Fuente in 2016 as a Bash script for auditing AWS accounts against the CIS benchmark, and its open-source licence and CIS focus made it a staple of cloud security assessments. The Prowler 3 rewrite in Python (2022) turned it into a multi-provider framework: Azure and Google Cloud Platform support arrived with the 3.x line and Prowler 4 added Kubernetes, so one tool now covers several platforms with a common check model and output. Development continues to track new cloud services, evolving best practices and new compliance frameworks.

SEE ALSO

gcloud(1), kubectl(1), ScoutSuite, Cloud Custodian
