Add providers without initiating a scan

[paminhoff]

New feature motivation

This might actually be two feature requests, depending on the "adventure chosen." With my setup (t3.large EC2 instance running the UI, API, and workers on docker with the host network; the database is hosted on a tiny PostgreSQL RDS instance), adding multiple providers at once often leads to resource exhaustion, for example if I am adding more than 3 providers at once, when I try to add a third account a scan is already running on the other two, I either get credential errors or the app crashes entirely. When that happens, the running scans get stuck in a zombie state, and the only way to recover is to remove the affected provider(s).

Solution Proposed

Keep the current form for adding providers, but give us the option to not start a scan right away. Even if we do want a scan, it should be postponed until any current jobs finish. Ideally, all scan scheduling should just happen through the Scan Jobs form.

Describe alternatives you've considered

Separate provider onboarding from Scanning. Scans should be fully managed from the Scan Jobs form—manual or scheduled. That includes the ability to trigger a scan manually from there, regardless of how it was configured.

Additional context

No response

[drewkerrigan]

Thank you for the suggestion and feedback!

[puchy22]

Hi @paminhoff,

I believe this problem is already solved in two different ways:

Via the UI: If you add credentials for a provider but don’t test the connection, the scan won’t run. This allows you to set up all your providers and their secrets first, and only then start testing connections executing scans.

Bulk provisioning: Adding many providers at once through the UI isn’t the best approach. For that, we have a script that uses the Prowler API to add multiple providers easily. You can find a clear explanation of this approach in our blog post: https://prowler.com/blog/automate-multi-cloud-security-at-scale-bulk-provider-provisioning-in-prowler/