Adding new providers

[arusell-0901]

Hi team,

I'm interested in extending prowler beyond cloud infrastructure providers, and leverage all of its power to perform security assessments on other systems as well. The way I see it (please correct me if I'm wrong), any system which provides an API for its configuration and state could be assessed by prowler. I imagine all the enterprise tools that don't provide it, being reviewed and reported just by adding the new provider, the services and the checks.

I just started looking at the way current providers are implemented, but before moving further with adding a new one, I'd like to get some feedback. Do you see it as a valuable addition to the tool? If so, is there a specification for providers? The interface between providers and services and checks depends on each case. But I'm not sure how they interact against the core subsystem of prowler.

Thank you in advance!

Best,

[jfagoagas]

Hi @arusell-0901, regarding the requirements you are right, any system that provides an API to handle configuration and state could be included in Prowler as a new provider.

Regarding the providers specification and interface, right now we are working on a new version to have a unique interface for a provider in such a way the creation of a new provider will be done implementing the provider interface. Regarding the checks and services everything works dynamically so once a check is set to be executed the service class is generated and then the check is executed.

We have the following documentation related to checks and services in our developer guide:

• Checks -> https://docs.prowler.cloud/en/latest/developer-guide/checks/
• Services -> https://docs.prowler.cloud/en/latest/developer-guide/services/

[arusell-0901]

Hi @jfagoagas ,

It's great to see that work has started in that direction (I have totally missed the v4 branch!). Is there any ETA already planned for it?

[jfagoagas]

Hi @arusell-0901, we cannot confirm an ETA for v4 yet.

Thanks for using Prowler 🚀