Prowler Compliance Review

Ensure compliance frameworks are bulletproof before they go live

12565 Stars

Reviews Pull Requests that add or modify compliance frameworks. Trigger: When reviewing PRs with compliance framework changes, CIS/NIST/PCI-DSS additions, or compliance JSON files.

compliance code-review pull-request security validation cis nist pci-dss

User Prompt

Please review this PR that adds CIS Azure Benchmark v2.1.0. Check the JSON structure, validate all required checks exist, and ensure the dashboard file follows the correct pattern.

Agent Response

Complete validation report with pass/fail status for JSON syntax, missing checks detection, duplicate ID verification, CHANGELOG entry confirmation, and dashboard pattern compliance

Quick Start (3 Steps)

Get up and running in minutes

1. Install

claude-code skill install prowler-compliance-review

2. Config

3. First Trigger

@prowler-compliance-review help

Commands

| Command | Description | Required Args |
| --- | --- | --- |
| @prowler-compliance-review new-cis-framework-addition | Review a PR that adds a new CIS compliance framework with complete validation | None |
| @prowler-compliance-review framework-modification-review | Validate changes to existing compliance frameworks for accuracy and completeness | None |
| @prowler-compliance-review multi-framework-pr-assessment | Review PRs that affect multiple compliance frameworks simultaneously | None |

Typical Use Cases

New CIS Framework Addition

Review a PR that adds a new CIS compliance framework with complete validation

Framework Modification Review

Validate changes to existing compliance frameworks for accuracy and completeness

Multi-Framework PR Assessment

Review PRs that affect multiple compliance frameworks simultaneously

Overview

When to Use

  • Reviewing PRs that add new compliance frameworks
  • Reviewing PRs that modify existing compliance frameworks
  • Validating compliance framework JSON structure before merge

Review Checklist (Critical)

| Check | Command/Method | Pass Criteria |
| --- | --- | --- |
| JSON Valid | python3 -m json.tool file.json | No syntax errors |
| All Checks Exist | Run validation script | 0 missing checks |
| No Duplicate IDs | Run validation script | 0 duplicate requirement IDs |
| CHANGELOG Entry | Manual review | Present under correct version |
| Dashboard File | Compare with existing | Follows established pattern |
| Framework Metadata | Manual review | All required fields populated |

Commands

# 1. Validate JSON syntax
python3 -m json.tool prowler/compliance/{provider}/{framework}.json > /dev/null \
  && echo "Valid JSON" || echo "INVALID JSON"

# 2. Run full validation script
python3 skills/prowler-compliance-review/assets/validate_compliance.py \
  prowler/compliance/{provider}/{framework}.json

# 3. Compare dashboard with existing (find similar framework)
diff dashboard/compliance/{new_framework}.py \
     dashboard/compliance/{existing_framework}.py

Decision Tree

JSON Valid?
├── No → FAIL: Fix JSON syntax errors
└── Yes ↓
    All Checks Exist in Codebase?
    ├── Missing checks → FAIL: Add missing checks or remove from framework
    └── All exist ↓
        Duplicate Requirement IDs?
        ├── Yes → FAIL: Fix duplicate IDs
        └── No ↓
            CHANGELOG Entry Present?
            ├── No → REQUEST CHANGES: Add CHANGELOG entry
            └── Yes ↓
                Dashboard File Follows Pattern?
                ├── No → REQUEST CHANGES: Fix dashboard pattern
                └── Yes ↓
                    Framework Metadata Complete?
                    ├── No → REQUEST CHANGES: Add missing metadata
                    └── Yes → APPROVE

Framework Structure Reference

Compliance frameworks are JSON files in: prowler/compliance/{provider}/{framework}.json

{
  "Framework": "CIS",
  "Name": "CIS Provider Benchmark vX.Y.Z",
  "Version": "X.Y",
  "Provider": "AWS|Azure|GCP|...",
  "Description": "Framework description...",
  "Requirements": [
    {
      "Id": "1.1",
      "Description": "Requirement description",
      "Checks": ["check_name_1", "check_name_2"],
      "Attributes": [
        {
          "Section": "1 Section Name",
          "SubSection": "1.1 Subsection (optional)",
          "Profile": "Level 1|Level 2",
          "AssessmentStatus": "Automated|Manual",
          "Description": "...",
          "RationaleStatement": "...",
          "ImpactStatement": "...",
          "RemediationProcedure": "...",
          "AuditProcedure": "...",
          "AdditionalInformation": "...",
          "References": "...",
          "DefaultValue": "..."
        }
      ]
    }
  ]
}

Common Issues

| Issue | How to Detect | Resolution |
| --- | --- | --- |
| Missing checks | Validation script reports missing | Add check implementation or remove from Checks array |
| Duplicate IDs | Validation script reports duplicates | Ensure each requirement has unique ID |
| Empty Checks for Automated | AssessmentStatus is Automated but Checks is empty | Add checks or change to Manual |
| Wrong file location | Framework not in prowler/compliance/{provider}/ | Move to correct directory |
| Missing dashboard file | No corresponding dashboard/compliance/{framework}.py | Create dashboard file following pattern |
| CHANGELOG missing | Not under correct version section | Add entry to prowler/CHANGELOG.md |
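
The automatable rows of the checklist and of the Common Issues table, as an added example (this is not the skill's validate_compliance.py and not Prowler code). The function name `review_framework`, the `known_checks` parameter and the sample document are hypothetical; the CHANGELOG and dashboard checks stay manual and are not covered.

```python
import json
from collections import Counter

# Top-level fields from the Framework Structure Reference on this page.
REQUIRED_METADATA = ("Framework", "Name", "Version", "Provider", "Description")


def review_framework(raw_json, known_checks):
    """Return findings for one framework file. known_checks is the set of check
    names present in the codebase (assumed to be supplied by the caller)."""
    try:
        framework = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return {"verdict": "FAIL", "invalid_json": str(exc)}
    if not isinstance(framework, dict):
        return {"verdict": "FAIL", "invalid_json": "top level is not an object"}

    reqs = framework.get("Requirements") or []
    id_counts = Counter(str(r.get("Id")) for r in reqs)
    findings = {
        "missing_metadata": [f for f in REQUIRED_METADATA if not framework.get(f)],
        "duplicate_ids": sorted(i for i, n in id_counts.items() if n > 1),
        "missing_checks": sorted(
            {c for r in reqs for c in (r.get("Checks") or [])} - set(known_checks)),
        # "Empty Checks for Automated" row of the Common Issues table.
        "automated_without_checks": [
            r.get("Id") for r in reqs if not r.get("Checks") and any(
                a.get("AssessmentStatus") == "Automated"
                for a in (r.get("Attributes") or []))],
    }
    # Verdict order follows the decision tree; treating the Automated/empty
    # case as REQUEST CHANGES is an assumption of this example.
    hard = findings["missing_checks"] or findings["duplicate_ids"]
    soft = findings["missing_metadata"] or findings["automated_without_checks"]
    findings["verdict"] = "FAIL" if hard else "REQUEST CHANGES" if soft else "APPROVE"
    return findings


# Constructed sample, not a real Prowler framework or real check names.
SAMPLE = json.dumps({
    "Framework": "CIS", "Name": "CIS Example Benchmark v0.0.0",
    "Version": "0.0", "Provider": "Azure", "Description": "",
    "Requirements": [
        {"Id": "1.1", "Checks": ["check_a"], "Attributes": [{"AssessmentStatus": "Automated"}]},
        {"Id": "1.1", "Checks": ["check_typo"], "Attributes": [{"AssessmentStatus": "Automated"}]},
        {"Id": "1.2", "Checks": [], "Attributes": [{"AssessmentStatus": "Automated"}]},
        {"Id": "1.3", "Checks": [], "Attributes": [{"AssessmentStatus": "Manual"}]},
    ]})
```

Calling `review_framework(SAMPLE, {"check_a"})` flags the duplicate ID, the unknown check, the empty top-level Description and requirement 1.2, while the Manual requirement 1.3 with no checks is accepted.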

Dashboard File Pattern

Dashboard files must be in dashboard/compliance/ and follow this exact pattern:

import warnings

from dashboard.common_methods import get_section_containers_cis

warnings.filterwarnings("ignore")


def get_table(data):

    aux = data[
        [
            "REQUIREMENTS_ID",
            "REQUIREMENTS_DESCRIPTION",
            "REQUIREMENTS_ATTRIBUTES_SECTION",
            "CHECKID",
            "STATUS",
            "REGION",
            "ACCOUNTID",
            "RESOURCEID",
        ]
    ].copy()

    return get_section_containers_cis(
        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
    )

Testing the Compliance Framework

After validation passes, test the framework with Prowler:

# Verify framework is detected
poetry run python prowler-cli.py {provider} --list-compliance | grep {framework}

# Run a quick test with a single check from the framework
poetry run python prowler-cli.py {provider} --compliance {framework} --check {check_name}

# Run full compliance scan (dry-run with limited checks)
poetry run python prowler-cli.py {provider} --compliance {framework} --checks-limit 5

# Generate compliance report in multiple formats
poetry run python prowler-cli.py {provider} --compliance {framework} -M csv json html

Resources

Environment Matrix

Dependencies

  • Python 3.8+
  • Prowler CLI tool
  • Poetry package manager
  • Standard Unix tools (diff, grep, bash)

Framework Support

  • CIS Benchmarks ✓ (recommended)
  • NIST Cybersecurity Framework ✓
  • PCI-DSS ✓
  • SOC2 ✓
  • Custom compliance frameworks ✓

Context Window

Token Usage: ~3K-8K tokens, depending on framework size and number of requirements

Security & Privacy

Information

Author: prowler-cloud
Updated: 2026-01-30
Category: productivity-tools