ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2025-12-19 05:17:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e32cebc553b3daabb675a8a1abc079405424337c
prowler/mcp_server/README.md
Rubén De la Torre Vico e32cebc553 feat(mcp): add Dockerfile for MCP Server containerization (#8768)
2025-09-26 15:04:24 +02:00

7.5 KiB
Raw Blame History

Prowler MCP Server

Access the entire Prowler ecosystem through the Model Context Protocol (MCP). This server provides two main capabilities:

  • Prowler Cloud and Prowler App (Self-Managed): Full access to Prowler Cloud platform and Prowler Self-Managed for managing providers, running scans, and analyzing security findings
  • Prowler Hub: Access to Prowler's security checks, fixers, and compliance frameworks catalog

Requirements

  • Python 3.12+
  • Network access to https://hub.prowler.com (for Prowler Hub)
  • Network access to Prowler Cloud and Prowler App (Self-Managed) API (it can be Prowler Cloud API or self-hosted Prowler App API)
  • Prowler Cloud account credentials (for Prowler Cloud and Prowler App (Self-Managed) features)

Installation

From Sources

It is needed to have uv installed.

git clone https://github.com/prowler-cloud/prowler.git

Using Docker

Alternatively, you can build and run the MCP server using Docker:

# Clone the repository
git clone https://github.com/prowler-cloud/prowler.git
cd prowler/mcp_server

# Build the Docker image
docker build -t prowler-mcp .

# Run the container with environment variables
docker run --rm --env-file ./.env -it prowler-mcp

Running

Using uv directly

After installation, start the MCP server via the console script:

cd prowler/mcp_server
uv run prowler-mcp

Alternatively, you can run from wherever you want using uvx command:

uvx /path/to/prowler/mcp_server/

Using Docker

Run the pre-built Docker container:

cd prowler/mcp_server
docker run --rm --env-file ./.env -it prowler-mcp

Available Tools

Prowler Hub

All tools are exposed under the prowler_hub prefix.

  • prowler_hub_get_check_filters: Return available filter values for checks (providers, services, severities, categories, compliances). Call this before prowler_hub_get_checks to build valid queries.
  • prowler_hub_get_checks: List checks with option of advanced filtering.
  • prowler_hub_search_checks: Fulltext search across check metadata.
  • prowler_hub_get_compliance_frameworks: List/filter compliance frameworks.
  • prowler_hub_search_compliance_frameworks: Full-text search across frameworks.
  • prowler_hub_list_providers: List Prowler official providers and their services.
  • prowler_hub_get_artifacts_count: Return total artifact count (checks + frameworks).

Prowler Cloud and Prowler App (Self-Managed)

All tools are exposed under the prowler_app prefix.

Findings Management

  • prowler_app_list_findings: List security findings from Prowler scans with advanced filtering
  • prowler_app_get_finding: Get detailed information about a specific security finding
  • prowler_app_get_latest_findings: Retrieve latest findings from the latest scans for each provider
  • prowler_app_get_findings_metadata: Fetch unique metadata values from filtered findings
  • prowler_app_get_latest_findings_metadata: Fetch metadata from latest findings across all providers

Provider Management

  • prowler_app_list_providers: List all providers with filtering options
  • prowler_app_create_provider: Create a new provider in the current tenant
  • prowler_app_get_provider: Get detailed information about a specific provider
  • prowler_app_update_provider: Update provider details (alias, etc.)
  • prowler_app_delete_provider: Delete a specific provider
  • prowler_app_test_provider_connection: Test provider connection status

Provider Secrets Management

  • prowler_app_list_provider_secrets: List all provider secrets with filtering
  • prowler_app_add_provider_secret: Add or update credentials for a provider
  • prowler_app_get_provider_secret: Get detailed information about a provider secret
  • prowler_app_update_provider_secret: Update provider secret details
  • prowler_app_delete_provider_secret: Delete a provider secret

Scan Management

  • prowler_app_list_scans: List all scans with filtering options
  • prowler_app_create_scan: Trigger a manual scan for a specific provider
  • prowler_app_get_scan: Get detailed information about a specific scan
  • prowler_app_update_scan: Update scan details
  • prowler_app_get_scan_compliance_report: Download compliance report as CSV
  • prowler_app_get_scan_report: Download ZIP file containing scan report

Schedule Management

  • prowler_app_schedules_daily_scan: Create a daily scheduled scan for a provider

Processor Management

  • prowler_app_processors_list: List all processors with filtering
  • prowler_app_processors_create: Create a new processor. For now, only mute lists are supported.
  • prowler_app_processors_retrieve: Get processor details by ID
  • prowler_app_processors_partial_update: Update processor configuration
  • prowler_app_processors_destroy: Delete a processor

Configuration

Environment Variables

For Prowler Cloud and Prowler App (Self-Managed) features, you need to set the following environment variables:

# Required for Prowler Cloud and Prowler App (Self-Managed) authentication
export PROWLER_APP_EMAIL="your-email@example.com"
export PROWLER_APP_PASSWORD="your-password"

# Optional - in case not provided the first membership that was added to the user will be used. This can be found as `Organization ID` in your User Profile in Prowler App
export PROWLER_APP_TENANT_ID="your-tenant-id"

# Optional - for custom API endpoint, in case not provided Prowler Cloud API will be used
export PROWLER_API_BASE_URL="https://api.prowler.com"

MCP Client Configuration

Configure your MCP client, like Claude Desktop, Cursor, etc, to launch the server. Below are examples for both direct execution and Docker deployment; consult your client's documentation for exact locations.

Using uvx (Direct Execution)

{
  "mcpServers": {
    "prowler": {
      "command": "uvx",
      "args": ["/path/to/prowler/mcp_server/"],
      "env": {
        "PROWLER_APP_EMAIL": "your-email@example.com",
        "PROWLER_APP_PASSWORD": "your-password",
        "PROWLER_APP_TENANT_ID": "your-tenant-id",  // Optional, this can be found as `Organization ID` in your User Profile in Prowler App,
        "PROWLER_API_BASE_URL": "https://api.prowler.com"  // Optional, in case not provided Prowler Cloud API will be used
      }
    }
  }
}

Using Docker

{
  "mcpServers": {
    "prowler": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "--env", "PROWLER_APP_EMAIL=your-email@example.com",
        "--env", "PROWLER_APP_PASSWORD=your-password",
        "--env", "PROWLER_APP_TENANT_ID=your-tenant-id",  // Optional, this can be found as `Organization ID` in your User Profile in Prowler App
        "--env", "PROWLER_API_BASE_URL=https://api.prowler.com",  // Optional, in case not provided Prowler Cloud API will be used
        "prowler-mcp"
      ]
    }
  }
}

Claude Desktop (macOS/Windows)

Add the example server to Claude Desktop's config file, then restart the app.

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %AppData%\Claude\claude_desktop_config.json (e.g. C:\\Users\\<you>\\AppData\\Roaming\\Claude\\claude_desktop_config.json)

Cursor (macOS/Linux)

If you want to have it globally available, add the example server to Cursor's config file, then restart the app.

  • macOS/Linux: ~/.cursor/mcp.json

If you want to have it only for the current project, add the example server to the project's root in a new .cursor/mcp.json file.

License

This project follows the repositorys main license. See the LICENSE file at the repository root.

Reference in New Issue View Git Blame Copy Permalink