From a9865209a18c55fc2e4ebfbec5d35213bbae9153 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20De=20la=20Torre=20Vico?= Date: Wed, 20 May 2026 12:38:34 +0200 Subject: [PATCH] docs(claude-plugin): add Prowler for Claude Code page and plugin README (#11253) --- claude_plugins/prowler/README.md | 80 ++++++++++++++ docs/docs.json | 6 ++ .../products/prowler-claude-code-plugin.mdx | 101 ++++++++++++++++++ 3 files changed, 187 insertions(+) create mode 100644 claude_plugins/prowler/README.md create mode 100644 docs/getting-started/products/prowler-claude-code-plugin.mdx diff --git a/claude_plugins/prowler/README.md b/claude_plugins/prowler/README.md new file mode 100644 index 0000000000..6e204fbe44 --- /dev/null +++ b/claude_plugins/prowler/README.md @@ -0,0 +1,80 @@ +# Prowler for Claude Code + +End-to-end cloud security and compliance from inside [Claude Code](https://www.claude.com/product/claude-code), powered by the [Prowler MCP server](https://docs.prowler.com/projects/prowler-mcp/). The plugin lets Claude walk a Prowler Cloud-connected account through a compliance assessment and remediate findings until the chosen security or industry framework is compliant. + +> **Preview**: this plugin is under active development. Report issues at or join the [Slack community](https://goto.prowler.com/slack). + +## Requirements + +- [Claude Code](https://www.claude.com/product/claude-code) installed and signed in. +- A [Prowler Cloud](https://cloud.prowler.com) account (the free tier is enough to start). +- A Prowler API key — create one at . + +## Installation + +Inside a Claude Code session: + +```text +/plugin marketplace add prowler-cloud/prowler +/plugin install prowler@prowler-plugins +``` + +Or, if you already have the repo checked out locally: + +```text +/plugin marketplace add /absolute/path/to/prowler +/plugin install prowler@prowler-plugins +``` + +## Configuration + +On first install, Claude Code prompts for your **Prowler API key**. It is stored securely (macOS keychain or `~/.claude/.credentials.json`) and used to authenticate against Prowler Cloud. + +To rotate the key, uninstall and reinstall the plugin — Claude Code will prompt again. + +## Verify the install + +In a Claude Code session: + +```text +/mcp → "prowler" appears as a connected server +/plugin → "prowler" enabled, skill listed as prowler:framework-compliance-triage +``` + +If `/mcp` reports the `prowler` server as failed, the most common cause is a rejected API key — re-issue one in Prowler Cloud and reinstall the plugin so it re-prompts. + +## Usage + +Open a conversation that mentions the framework you want to comply with. Examples: + +- *"Make my AWS production account compliant with CIS 4.0."* +- *"Make my current Terraform project compliant with the Prowler ThreatScore Compliance Framework based on the latest scan results."* +- *"Help me get to 100% on PCI-DSS for this GCP project."* + +You pick a **primary tool** (Terraform, gh / az / aws CLI, web console, or mixed) and a **mode**: + +- **Claude-assisted** (default). Claude shows each fix — target resource, exact commands, side effects, reversibility — and waits for your go-ahead before applying. +- **Claude autonomous**. Claude presents a single up-front plan grouped by shared fixes, waits for one confirmation, then proceeds. It pauses mid-loop if a fix has wide blast radius or a finding is not applicable. + +Claude tracks progress in a markdown report under `.prowler/` at your project root — one file per framework × account. Open it any time to see exactly where the flow is. When all findings are addressed, Claude proposes a fresh Prowler scan to verify everything end-to-end. + +## Uninstalling + +```text +/plugin uninstall prowler@prowler-plugins +/plugin marketplace remove prowler-plugins +``` + +The stored API key is removed automatically. + +## Troubleshooting + +| Symptom | Likely cause | Fix | +|---|---|---| +| `/mcp` shows `prowler` as failed | Rejected API key | Generate a new one in Prowler Cloud and reinstall the plugin to re-prompt. | +| Skill not invoked when expected | The skill description didn't match the prompt | Mention the framework name plus "compliance" or "compliant" in your prompt. | +| "Framework not supported" | Prowler Hub does not list the framework for that provider | Open an issue or PR at . | + +## License + +Apache 2.0 — see [LICENSE](../../LICENSE). diff --git a/docs/docs.json b/docs/docs.json index e39ccb67ea..8c3c79e8be 100644 --- a/docs/docs.json +++ b/docs/docs.json @@ -73,6 +73,12 @@ "getting-started/products/prowler-lighthouse-ai" ] }, + { + "group": "Prowler for Claude Code", + "pages": [ + "getting-started/products/prowler-claude-code-plugin" + ] + }, { "group": "Prowler MCP Server", "pages": [ diff --git a/docs/getting-started/products/prowler-claude-code-plugin.mdx b/docs/getting-started/products/prowler-claude-code-plugin.mdx new file mode 100644 index 0000000000..e3c11ec810 --- /dev/null +++ b/docs/getting-started/products/prowler-claude-code-plugin.mdx @@ -0,0 +1,101 @@ +--- +title: 'Prowler for Claude Code' +--- + +End-to-end cloud security and compliance from inside [Claude Code](https://www.claude.com/product/claude-code), powered by the [Prowler MCP server](/getting-started/products/prowler-mcp). The plugin lets Claude walk a Prowler Cloud-connected account through a compliance assessment and remediate findings until the chosen security or industry framework is compliant. + + +**Preview**: this plugin is under active development. Please report issues on [GitHub](https://github.com/prowler-cloud/prowler/issues) or join the [Slack community](https://goto.prowler.com/slack) for feedback. + + +## Requirements + + + + Installed and signed in. See the [official install guide](https://www.claude.com/product/claude-code). + + + The free tier is enough to start. Sign up at [cloud.prowler.com](https://cloud.prowler.com). + + + Create one at [cloud.prowler.com/profile](https://cloud.prowler.com/profile). + + + +## Installation + + + + Inside a Claude Code session: + + ```text + /plugin marketplace add prowler-cloud/prowler + /plugin install prowler@prowler-plugins + ``` + + + If you already have the repository checked out: + + ```text + /plugin marketplace add /absolute/path/to/prowler + /plugin install prowler@prowler-plugins + ``` + + + +## Configuration + +On first install, Claude Code prompts for your **Prowler API key**. The value is stored securely (macOS keychain or `~/.claude/.credentials.json`) and used to authenticate against Prowler Cloud. + + +To rotate the key, uninstall and reinstall the plugin — Claude Code will prompt again. + + +## Verify the installation + +In a Claude Code session: + +```text +/mcp → "prowler" appears as a connected server +/plugin → "prowler" enabled, skill listed as prowler:framework-compliance-triage +``` + +If `/mcp` reports the `prowler` server as failed, the most common cause is a rejected API key — re-issue one in Prowler Cloud and reinstall the plugin so it re-prompts. + +## Usage + +Open a conversation that mentions the framework you want to comply with. Examples: + +- *"Make my AWS production account compliant with CIS 4.0."* +- *"Make my current Terraform project compliant with Prowler ThreatScore Compliance Framework based on the latest scan results."* +- *"Help me get to 100% on PCI-DSS for this GCP project."* + +You pick a **primary tool** (Terraform, gh / az / aws CLI, web console, or mixed) and a **mode**: + + + + Claude shows each fix — target resource, exact commands, side effects, reversibility — and waits for your go-ahead before applying. + + + Claude presents a single up-front plan grouped by shared fixes, waits for one confirmation, then proceeds. It pauses mid-loop if a fix has wide blast radius or a finding is not applicable. + + + +Claude tracks progress in a markdown report under `.prowler/` at your project root — one file per framework × account. Open it any time to see exactly where the flow is. When all findings are addressed, Claude proposes a fresh Prowler scan to verify everything end-to-end. + +## Uninstalling + +```text +/plugin uninstall prowler@prowler-plugins +/plugin marketplace remove prowler-plugins +``` + +The stored API key is removed automatically. + +## Troubleshooting + +| Symptom | Likely cause | Fix | +| --- | --- | --- | +| `/mcp` shows `prowler` as failed | Rejected API key | Generate a new one in Prowler Cloud and reinstall the plugin to re-prompt. | +| Skill not invoked when expected | The skill description didn't match the prompt | Mention the framework name plus "compliance" or "compliant" in your prompt. | +| "Framework not supported" | Prowler Hub does not list the framework for that provider | Open an issue or PR at [github.com/prowler-cloud/prowler](https://github.com/prowler-cloud/prowler). |