prowler icon indicating copy to clipboard operation
prowler copied to clipboard
verified publisher icon prowler-cloud

Prowler App - Much slower compared to Prowler CLI

Open victor-babin-fti opened this issue 8 months ago • 3 comments

Steps to Reproduce

Hi,

I have been using Prowler CLI for a while now to assess number of environments and it always worked really well.

Yesterday, I wanted to give a try using Prowler App instead. I have deployed it using docker on a Debian instance with 8vCPU and 32GB of RAM. The scans performed by Prowler App on small environments work exceptionally well (less than 4 minutes); however, on environments with dozens of thousands of resources, the scans are going to hang forever at 7%, whereas Prowler CLI takes a couple of minutes to scan the exact same environments on lower spec systems.

Expected behavior

Prowler app running just as smooth as Prowler CLI.

Actual Result with Screenshots or Logs

N/A

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

EC2 instance (t2.2xlarge) - 8vCPU and 32GB Debian GNU/Linux 12

OS used

Debian GNU/Linux 12

Prowler version

Latest

Pip version

N/A

Context

No response

victor-babin-fti avatar Apr 23 '25 01:04 victor-babin-fti

After further investigation, on an environment with 47,000 resources, it took:

  • 16 minutes with Prowler CLI (default configuration)
  • 90 minutes with Prowler App (default configuration)

I am keen to understand why such a big difference and whether Prowler App relies on the same configuration as Prowler CLI to scan? If not, is it possible to increase performance so that Prowler App takes as much time as Prowler CLI

victor-babin-fti avatar Apr 23 '25 02:04 victor-babin-fti

On an environment with 86,000 resources, it took:

  • 53 minutes with Prowler CLI (default configuration)
  • 162 minutes with Prowler App (default configuration)

victor-babin-fti avatar Apr 23 '25 03:04 victor-babin-fti

Hi @victor-babin-fti,

Yes, it’s expected that scans take a bit longer in the app compared to the CLI. The app runs as a full system with multiple components and services (including data persistence, aggregations, and inter-service communication) which naturally introduces some overhead.

If both tests were run on the same machine, there are a few factors to consider: each service consumes CPU and RAM, and communication between services can cause additional delays.

That said, the metrics you shared do seem unusually high. We’ll definitely look into this and work on improving it, since those differences shouldn’t be that large under normal circumstances.

Thanks for reporting this and sharing such useful and interesting data with us!

HugoPBrito avatar Apr 23 '25 09:04 HugoPBrito

Hi @victor-babin-fti,

Is the incident still happening in the latest version of Prowler? If so, we’ll need more details to investigate further.

That said, it’s worth considering everything @HugoPBrito mentioned about performance differences, some variation is expected, though maybe not with such a large gap.

Thanks for the feedback!

puchy22 avatar Sep 26 '25 07:09 puchy22