@pablodelarco pablodelarco commented Dec 19, 2025

Appliance

New appliance submission for Prowler cloud security scanner appliance.

Appliance Name

:app: prowlercloud

Type of Contribution

  • New Appliance
  • Update to an Existing Appliance

Description of Changes

This PR adds a new Prowler cloud security scanner appliance running on Ubuntu 24.04 to the OpenNebula Community Marketplace.

Prowler is the world's most widely used open-source cloud security platform that automates security and compliance across any cloud environment. This appliance provides:

  • Complete Prowler CLI deployment with Docker
  • 500+ security checks across AWS, Azure, GCP, and Kubernetes
  • Compliance frameworks: CIS, NIST, PCI-DSS, GDPR, HIPAA, SOC2
  • Multi-cloud security assessments
  • Security reports and dashboards
  • VNC access for direct console interaction
  • SSH key authentication from OpenNebula context variables

Technical Implementation:

  • Ubuntu 24.04 base system with Docker Engine pre-installed
  • Prowler container (prowlercloud/prowler:latest-amd64) pre-pulled and ready to run
  • Automatic container startup via OpenNebula contextualization
  • 16GB disk size to accommodate the large Docker image (~5GB)
  • Ports 3000 and 8080 exposed for web interfaces

Access Methods:

  • SSH: ssh root@<VM_IP>
  • Prowler CLI: docker exec prowler poetry run prowler <provider>
  • VNC: Direct access via OpenNebula Sunstone

Contributor Checklist

  • The submission follows the Contribution Guidelines
  • My submission is based on the latest version of the master branch
  • For a new appliance, this Pull Request follows the agreed naming convention (lowercase with hyphen: prowlercloud)
  • Complete Packer build structure included
  • All necessary context scripts and configuration files included

Publisher Information

  • Publisher: Pablo del Arco
  • Email: pdelarco@opennebula.io
  • Version: 1.0.0-1
  • Docker Image: prowlercloud/prowler:latest-amd64
  • Base OS: Ubuntu 24.04

Testing & Validation

  • ✅ Tested with OpenNebula 7.0 and KVM hypervisor
  • ✅ Image builds successfully with Packer
  • ✅ Docker image pre-pulled during build
  • ✅ VNC and SSH access verified
  • ✅ Prowler container starts automatically on boot
  • ✅ Prowler 5.17.0 verified working
  • ✅ CLI commands functional (poetry run prowler --version)

Files Added

Appliance Files:

  • appliances/prowlercloud/appliance.sh - Main appliance script with Docker container management
  • appliances/prowlercloud/metadata.yaml - Appliance metadata
  • appliances/prowlercloud/README.md - Documentation
  • appliances/prowlercloud/CHANGELOG.md - Version history
  • appliances/prowlercloud/context.yaml - Context configuration
  • appliances/prowlercloud/tests.yaml - Test configuration
  • appliances/prowlercloud/tests/00-prowlercloud_basic.rb - Basic functionality tests
  • appliances/prowlercloud/71e1342f-45ce-40f1-849d-0bb600f3521a.yaml - Appliance configuration

Packer Build Files:

  • apps-code/community-apps/packer/prowlercloud/prowlercloud.pkr.hcl - Main Packer configuration
  • apps-code/community-apps/packer/prowlercloud/variables.pkr.hcl - Build variables
  • apps-code/community-apps/packer/prowlercloud/common.pkr.hcl - Common configuration (symlink)
  • apps-code/community-apps/packer/prowlercloud/gen_context - Context generation script
  • apps-code/community-apps/packer/prowlercloud/81-configure-ssh.sh - SSH configuration
  • apps-code/community-apps/packer/prowlercloud/82-configure-context.sh - Context configuration
  • apps-code/community-apps/packer/prowlercloud/postprocess.sh - Post-processing script

Other Files:

  • logos/prowlercloud.png - Official Prowler logo
  • docs/automatic-appliance-tutorial/prowlercloud.env - Wizard environment file

Usage

After deploying the appliance, SSH into the VM and configure cloud credentials to run security scans:

# For AWS scanning
docker exec prowler poetry run prowler aws

# For Azure scanning
docker exec prowler poetry run prowler azure

# For GCP scanning
docker exec prowler poetry run prowler gcp

# For Kubernetes scanning
docker exec prowler poetry run prowler kubernetes

- Add Prowler appliance based on prowlercloud/prowler:latest-amd64
- Uses Ubuntu 24.04 as base OS with Docker
- Includes Packer configuration with 16GB disk size
- Add Prowler logo for marketplace display
- Cloud security platform for AWS, Azure, GCP, Kubernetes compliance scanning

@pablodelarco pablodelarco changed the title from "feat(appliance): Add Prowler cloud security scanner appliance" to "Add Prowler cloud security scanner appliance" on Dec 19, 2025

OpenNebula Community Contributor added 2 commits December 19, 2025 11:05

Prowler's default entrypoint runs 'prowler aws' which fails without
credentials, causing a restart loop. Override it to keep the container
running with sleep infinity, allowing users to exec into it and run
scans manually.