eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/services/prowler.md
Erich Blume a97391177a Deploy Prowler CIS scanner as weekly CronJob on minikube-indri 
Custom slim container (no PowerShell/Trivy), NFS-backed reports
on sifaka:/volume1/reports/prowler/, ClusterRole with read-only
RBAC for Kubernetes CIS Benchmark v1.11 checks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 15:00:48 -07:00

931 B
Raw Blame History

title modified last-reviewed tags
Prowler 2026-03-24 2026-03-24
service
security

Prowler

CIS Kubernetes Benchmark scanner for compliance posture reporting.

Quick Reference

Property Value
Namespace prowler
Image registry.ops.eblu.me/blumeops/prowler (see argocd/manifests/prowler/kustomization.yaml for current tag)
Schedule Weekly (Sunday 3am)
Reports sifaka:/volume1/reports/prowler/ (NFS)
Manifests argocd/manifests/prowler/

What it does

Runs Prowler 5 as a CronJob against minikube-indri, executing CIS Kubernetes Benchmark v1.11 checks across pod security, RBAC, apiserver, etcd, kubelet, controller-manager, and scheduler. Reports are written in HTML, CSV, and JSON-OCSF to the NFS share on sifaka.

See also

  • deploy-prowler — deployment how-to, ad-hoc scan instructions, check relevance notes