flowchart TB
CREDS([cloud credentials]) --> PROVIDERS
subgraph PROVIDERS["Per-Cloud Providers"]
AWS[AWS]
AZURE[Azure]
GCP[GCP]
ALI[Alibaba Cloud]
OCI[OCI]
end
PROVIDERS --> COLLECTOR[Configuration Collector<br/>per-service: EC2, S3, IAM, network, ...<br/>collects FULL config, not just findings]
COLLECTOR --> RULES[Rules Engine<br/>per-service rules → findings + severity]
RULES --> REPORT[Report Generator]
REPORT --> HTML[(Single Offline HTML Report<br/>self-contained · no server · embedded JS navigation)]
style COLLECTOR fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style HTML fill:#1a1015,stroke:#5eead4,color:#e4e4e8
Reading: Scout Suite's architecture is assessment-focused. Per-cloud providers enumerate configuration. The collector gathers FULL config (not just pass/fail) — the security group rules, the IAM policies, the bucket configs. The rules engine evaluates. The report generator produces a single offline HTML file. The defining property is the last box: a self-contained report with no server, viewable in any browser, years later.
flowchart LR
subgraph SCOUT["Scout Suite — Assessment"]
S1[Point-in-time snapshot]
S2[Single offline HTML report]
S3[Full config collection]
S4[Client deliverable]
S5[No CI integration]
S6[GPL-2.0]
end
subgraph PROWLER["Prowler — Operations"]
P1[Continuous monitoring]
P2[Structured findings (OCSF/ASFF)]
P3[600+ checks]
P4[SIEM / ticketing integration]
P5[GitHub Action CI gate]
P6[Apache-2.0]
end
SCOUT -.complementary: assessment + operations.-> PROWLER
style SCOUT fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style PROWLER fill:#0d1b2a,stroke:#5eead4,color:#5eead4
Reading: Scout Suite and Prowler are different tools for different jobs. Scout is the assessment specialist: point-in-time, offline report, client deliverable, full config context. Prowler is the operations specialist: continuous, structured output, CI-integrated, deep checks. A mature cloud security program uses both — Scout during audits, Prowler between audits.
flowchart TB
SCAN[scout aws --report] --> COLLECT[enumerate + collect full config]
COLLECT --> EVALUATE[run ruleset → findings + severity]
EVALUATE --> GENERATE[render single HTML file<br/>embedded JS · no server]
GENERATE --> FILE[(report.html<br/>self-contained)]
FILE --> PORTABLE[Portable: works anywhere, no server]
FILE --> ARCHIVABLE[Archivable: snapshot viewable years later]
FILE --> DELIVERABLE[Client deliverable: single file, no portal/account]
FILE --> RISK[Risk: full cloud config in one exfiltrable file]
style FILE fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style PORTABLE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style ARCHIVABLE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style DELIVERABLE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style RISK fill:#2a0d0d,stroke:#5eead4,color:#f08080
Reading: The offline HTML report is Scout Suite's defining property and its three advantages (portable, archivable, client-deliverable) all stem from one decision: self-contained, no server. But the same property creates the risk (red): the report contains full cloud configuration in a single, easily-exfiltrated file. Govern the report file with the same care as the credentials that produced it.
flowchart TB
START([cloud security question]) --> Q1{continuous monitoring<br/>or point-in-time assessment?}
Q1 -->|continuous| PROWLER[Prowler (SDD-04)<br/>CSPM · CI gate · SIEM feed]
Q1 -->|point-in-time / audit| Q2{need a client report<br/>or escalation paths?}
Q2 -->|client report| SCOUT[Scout Suite (SDD-05)<br/>offline HTML · full config · deliverable]
Q2 -->|escalation paths| SDD06[Attack-Path Tools (SDD-06)<br/>pmapper · BloodHound · graph traversal]
style PROWLER fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style SCOUT fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style SDD06 fill:#0d1b2a,stroke:#5eead4,color:#5eead4
Reading: The decision tree for cloud security tooling. Continuous monitoring → Prowler. Point-in-time audit needing a client report → Scout Suite. Privilege-escalation path analysis → SDD-06 graph tools. They answer different questions; a mature program has all three.
# Diagrams — SDD-05: Scout Suite
---
## Diagram 1 — Scout Suite's Assessment Architecture
```mermaid
flowchart TB
CREDS([cloud credentials]) --> PROVIDERS
subgraph PROVIDERS["Per-Cloud Providers"]
AWS[AWS]
AZURE[Azure]
GCP[GCP]
ALI[Alibaba Cloud]
OCI[OCI]
end
PROVIDERS --> COLLECTOR[Configuration Collector<br/>per-service: EC2, S3, IAM, network, ...<br/>collects FULL config, not just findings]
COLLECTOR --> RULES[Rules Engine<br/>per-service rules → findings + severity]
RULES --> REPORT[Report Generator]
REPORT --> HTML[(Single Offline HTML Report<br/>self-contained · no server · embedded JS navigation)]
style COLLECTOR fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style HTML fill:#1a1015,stroke:#5eead4,color:#e4e4e8
```
**Reading**: Scout Suite's architecture is assessment-focused. Per-cloud providers enumerate configuration. The collector gathers FULL config (not just pass/fail) — the security group rules, the IAM policies, the bucket configs. The rules engine evaluates. The report generator produces a single offline HTML file. The defining property is the last box: a self-contained report with no server, viewable in any browser, years later.
---
## Diagram 2 — Scout Suite vs Prowler (Assessment vs Operations)
```mermaid
flowchart LR
subgraph SCOUT["Scout Suite — Assessment"]
S1[Point-in-time snapshot]
S2[Single offline HTML report]
S3[Full config collection]
S4[Client deliverable]
S5[No CI integration]
S6[GPL-2.0]
end
subgraph PROWLER["Prowler — Operations"]
P1[Continuous monitoring]
P2[Structured findings (OCSF/ASFF)]
P3[600+ checks]
P4[SIEM / ticketing integration]
P5[GitHub Action CI gate]
P6[Apache-2.0]
end
SCOUT -.complementary: assessment + operations.-> PROWLER
style SCOUT fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style PROWLER fill:#0d1b2a,stroke:#5eead4,color:#5eead4
```
**Reading**: Scout Suite and Prowler are different tools for different jobs. Scout is the assessment specialist: point-in-time, offline report, client deliverable, full config context. Prowler is the operations specialist: continuous, structured output, CI-integrated, deep checks. A mature cloud security program uses both — Scout during audits, Prowler between audits.
---
## Diagram 3 — The Offline HTML Report (Why It Is the Defining Property)
```mermaid
flowchart TB
SCAN[scout aws --report] --> COLLECT[enumerate + collect full config]
COLLECT --> EVALUATE[run ruleset → findings + severity]
EVALUATE --> GENERATE[render single HTML file<br/>embedded JS · no server]
GENERATE --> FILE[(report.html<br/>self-contained)]
FILE --> PORTABLE[Portable: works anywhere, no server]
FILE --> ARCHIVABLE[Archivable: snapshot viewable years later]
FILE --> DELIVERABLE[Client deliverable: single file, no portal/account]
FILE --> RISK[Risk: full cloud config in one exfiltrable file]
style FILE fill:#1a1015,stroke:#5eead4,color:#e4e4e8
style PORTABLE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style ARCHIVABLE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style DELIVERABLE fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style RISK fill:#2a0d0d,stroke:#5eead4,color:#f08080
```
**Reading**: The offline HTML report is Scout Suite's defining property and its three advantages (portable, archivable, client-deliverable) all stem from one decision: self-contained, no server. But the same property creates the risk (red): the report contains full cloud configuration in a single, easily-exfiltrated file. Govern the report file with the same care as the credentials that produced it.
---
## Diagram 4 — When to Reach for Which Tool (Scout vs Prowler vs SDD-06)
```mermaid
flowchart TB
START([cloud security question]) --> Q1{continuous monitoring<br/>or point-in-time assessment?}
Q1 -->|continuous| PROWLER[Prowler (SDD-04)<br/>CSPM · CI gate · SIEM feed]
Q1 -->|point-in-time / audit| Q2{need a client report<br/>or escalation paths?}
Q2 -->|client report| SCOUT[Scout Suite (SDD-05)<br/>offline HTML · full config · deliverable]
Q2 -->|escalation paths| SDD06[Attack-Path Tools (SDD-06)<br/>pmapper · BloodHound · graph traversal]
style PROWLER fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style SCOUT fill:#0d1b2a,stroke:#5eead4,color:#5eead4
style SDD06 fill:#0d1b2a,stroke:#5eead4,color:#5eead4
```
**Reading**: The decision tree for cloud security tooling. Continuous monitoring → Prowler. Point-in-time audit needing a client report → Scout Suite. Privilege-escalation path analysis → SDD-06 graph tools. They answer different questions; a mature program has all three.