Prowler Cloud for VS Code

Multi-cloud security assessment powered by Prowler, directly in VS Code Copilot Chat.

Features

24+ MCP Tools — Findings, providers, scans, compliance, muting, resources, hub catalog, and docs search available in Copilot Chat
Secure Authentication — API token stored in the OS keychain via VS Code SecretStorage
Zero Local Install — Uses the public Prowler MCP server (https://mcp.prowler.com/mcp) via npx mcp-remote
Always Up-to-Date — Tools managed by Prowler, no manual updates needed
Status Bar — See connection state at a glance
Sidebar Panel — Token status, server URL, and quick actions
Guided Walkthrough — Step-by-step setup on first install

Requirements

VS Code 1.99+ (MCP support required)
Node.js (for npx mcp-remote)
A Prowler Cloud account and API key (cloud.prowler.com)

Setup

Get an API Key — Log in to Prowler Cloud, navigate to Settings > API Keys, and create a new key (starts with pk_).
Install the Extension — Search for "Prowler Cloud" in the VS Code Marketplace or install from the Extensions view.
Set the Token — Run Prowler Cloud: Set API Token from the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and paste the key.
Start Chatting — Open Copilot Chat and ask about cloud security.

Example Prompts

Once configured, try these in Copilot Chat:

"Show me my providers"
"List critical findings from the last scan"
"What compliance frameworks are available?"
"Mute finding X with reason Y"
"Search the Prowler documentation for S3 bucket policies"
"Show me the hub catalog for AWS checks"

Extension Settings

Setting	Default	Description
`prowlerCloud.mcpServerUrl`	`https://mcp.prowler.com/mcp`	Prowler MCP server URL
`prowlerCloud.apiBaseUrl`	`https://api.prowler.com/api/v1`	Prowler Cloud API base URL

Commands

Command	Description
`Prowler Cloud: Set API Token`	Store an API key securely
`Prowler Cloud: Clear API Token`	Remove the stored API key
`Prowler Cloud: Show Status`	Display current connection status
`Prowler Cloud: Open Dashboard`	Open Prowler Cloud in a browser
`Prowler Cloud: Restart MCP Server`	Restart the MCP server connection

Security

The API token is stored in the OS keychain via VS Code SecretStorage — never in settings.json or plaintext files.
The token input box uses password: true — the token is masked during entry.
The token is sent as an HTTP header via mcp-remote --header — a standard auth mechanism.
The token is never logged to output channels.

How It Works

This extension registers the public Prowler MCP server with VS Code using vscode.lm.registerMcpServerDefinitionProvider. When Copilot Chat starts, it discovers all Prowler tools automatically. The server runs via npx mcp-remote, which proxies the remote MCP endpoint as a local stdio process — no Python, Docker, or additional dependencies required.

Hub and Docs tools work without authentication. Provider, scan, finding, and management tools require a valid API token.

License

Apache-2.0 — see LICENSE.