
Linux command

prowler-gcp command

After copying a command, replace file names, directories, or parameters as needed.

Common examples

Run GCP security assessment

prowler gcp

Scan specific project(s)

prowler gcp --project-ids [project-id-1] [project-id-2]

Run specific checks

prowler gcp --checks [cloudstorage_bucket_public_access]

Run specific services

prowler gcp --services [iam] [compute]

Run with a compliance framework

prowler gcp --compliance [cis_2.0_gcp]

Impersonate a service account

prowler gcp --impersonate-service-account [name@project.iam.gserviceaccount.com]

List accessible GCP projects

prowler gcp --list-project-ids

Skip API activation check

prowler gcp --skip-api-check

Description

prowler gcp performs a security assessment of Google Cloud Platform projects. It evaluates configurations against best practices and compliance frameworks such as CIS, MITRE ATT&CK, and GDPR, and writes findings as CSV, JSON, or HTML reports. By default, Prowler scans every project accessible to the authenticated principal. Authentication can use Application Default Credentials (ADC), a credentials file, or service account impersonation.

Parameters

--project-ids _ID_...
Scan only the given GCP project IDs (default: all accessible projects).
--excluded-project-ids _ID_...
Exclude the given project IDs from scanning.
--list-project-ids
List all GCP project IDs accessible with the current credentials and exit.
--credentials-file _PATH_
Path to a service account application credentials JSON file.
--impersonate-service-account _EMAIL_
Impersonate the given service account when making API calls.
--skip-api-check
Skip API activation verification and assume all required APIs are enabled.
-c, --checks _CHECK_...
Run only the specified checks.
-s, --services _SERVICE_...
Run only checks for the specified GCP services (e.g. _iam_, _compute_, _cloudstorage_).
--compliance _FRAMEWORK_
Run the specified compliance framework (e.g. _cis_2.0_gcp_, _mitre_attack_gcp_).
-M, --output-modes _FORMAT_
Output format(s): _csv_, _json-ocsf_, _json-asff_, _html_.
-F, --output-filename _NAME_
Base name for output files.
-o, --output-directory _DIR_
Directory where output reports are written.

FAQ

How do I run a basic prowler-gcp example?

Run `prowler gcp` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
