New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(python-option): Make it possible to run Prowler from Python as a library #2134
Conversation
The --python option enable prowler to be called by a python program to manipulate findings directly
Hi @meowmeowxw, this is a great addition to Prowler but I'm concerned about all the places where if we catch a critical error Prowler exits the execution, since it will cause to exit the father Python process usign Prowler as a library, causing some abrupt errors instead of the ability to catch the exception. What do you think? Also, as I can see this option does not provide a full compatibility with all Prowler's features right? Thanks for using Prowler. |
Hello @jfagoagas ,
Yes just some of them, but I think the most important one is the ability to collect findings. The other
I'll check better the codebase and see what I can do. What do you think if I focus only on the findings gathering part? Would it suits you or would you like to enable python for everything? (It would require a major refactoring for most of the functions to not print results directly) |
There are flags to export findings to Security Hub, to select the output format you want, etc. You can check it running
I think focusing only on the findings gathering part would be great as a first approach to this new feature, I think the Thanks! |
hi @meowmeowxw, if I may ask, what is the use case for this feature? Is it by any chance to run it as a Lambda function? |
Hi @toniblyx , |
Hi @meowmeowxw, I apologize for not having answered sooner. Actually we are working towards having a way to call Prowler as a library, this is in our roadmap. Do you want to leave this PR opened until that or we can close it? Thanks for your time 🙌 |
Hi, |
The --python option enable prowler to be called by a python program to manipulate findings directly
Context
Hello, It would be nice to be able to use prowler from python. In this way it's possible to have the type hint of the checks and manipulate them on the fly. Maybe with an additional PR we could also change the code to return the findings with a
yield
keyword and get them in real time.To run prowler from python:
And then with a script:
Description
No dependencies are required for this PR. The PR make it possible to run prowler directly from python. Let me know if it's something that you think is useful for your project, or I'll close the PR. A redesign of the main.py would be needed to make it a bit cleaner :D
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.