Prancer Cloud Security Platform is built on the core Prancer framework codebase (https://github.com/prancer-io/cloud-validation-framework). Prancer Framework leverages well-architected concepts for scalability and extensibility.
Prancer Framework uses various configuration files to complete the security scanning of the resources available in an external provider (Cloud, Git, K8s). Here is a brief introduction to the Framework configuration files:
Connector: Connector config files store the information required to connect to an external provider. Depending on the type of the external provider, the structure of the Connector file can differ.
Master Snapshot Configuration file: In this file, we store the type of resources we want to crawl. In the IaC realm, we can put enough information inside the Master Snapshot Config file to crawl all the files we are looking for (json, yaml, terraform,…). In the Cloud live examples, we can ask for all the Virtual Machines inside our cloud provider!
Snapshot Configuration file: The Prancer crawler engine uses the Master Snapshot Configuration file to find individual resources in the target environment. For example, file1.yaml and file2.yaml could be items in the Snapshot Config file.
Master Test file: The compliance tests we want to run on each type of resource available in the Master Snapshot Config file.
Test file: The compliance tests related to individual resources.
To understand more about how these files all work together, you can watch the following video: