DEV Community

Mona
Mona

Posted on

Installing Prowler on Azure – My Hands-On Learning Experience

#cloud #security #cybersecurity #devops

Recently, I integrated Prowler to better understand how cloud security scanning tools help secure cloud deployments in real environments. I explored both the GUI and CLI versions on Azure to understand how each approach works for security scanning, identifying compliance gap and reporting.
This blog focuses on my initial hands-on experience with the Prowler setup on Azure Cloud Shell.

# What is Prowler?

Prowler is an open-source cloud security assessment tool used to scan cloud environments for:

  • Security misconfigurations
  • Risky settings
  • Compliance gaps
  • Exposed cloud resources

It supports multiple cloud platforms:

  • Amazon Web Services(AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)

Prowler can be used in two ways:

  • CLI(Command Line Interface)
  • GUI/Web Dashboard

# Installing Prowler on Azure

Below are the basic steps I followed during the setup process.

Step 1 — Open Azure Cloud Shell

  • Login to your Microsoft Azure account
  • From the top menu → click Cloud Shell icon [>_]
  • Select Bash Azure Cloud Shell already includes Azure CLI, which makes the setup process easier. Azure Cloud Shell

Step 2 — Install Prowler (in Cloud Shell)
Run the following commands:
python3 -m pip install --user pipx
python3 -m pipx ensurepath
pipx install prowler

Install Dependencies

Check the installation:
prowler -v

Prowler Installation

Step 3 — Run First Scan
Check the active Azure subscription:
az account show --output table
Run the scan:
prowler azure --az-cli-auth
OR scan a specific subscription:
prowler azure --az-cli-auth --subscription-ids <YOUR-SUBSCRIPTION-ID>

This performs a security assessment of the Azure subscription and generates security findings and compliance results.

Step 4 — View the reports
After the scan completes, Prowler generates reports in multiple formats, such as:

  • HTML
  • JSON
  • CSV

Download Prowler Report

The HTML report is especially useful for demonstrations and presentations because it provides a clean dashboard-style view of the scan results.
Prowler Scan Report-HTML

Final Thoughts

This was my first hands-on experience with Prowler, and it gave me a practical introduction to cloud security scanning and compliance validation. If you are starting with cloud security or DevSecOps, Prowler is a good tool to explore because it is open-source, beginner-friendly, and supports multiple cloud platforms.

Top comments (0)