"What is Scout Suite, and what is its defining output?" Scout Suite is an open-source multi-cloud security auditing tool (NCC Group, GPL-2.0). Its defining output is a SINGLE OFFLINE HTML REPORT — self-contained, no server, viewable in any browser years later. It is the point-in-time assessment baseline; counterpart to Prowler's continuous CSPM. course2a::sdd05::recall "Scout Suite vs Prowler: assessment vs operations. Explain." Scout Suite = point-in-time ASSESSMENT (offline HTML report, client deliverable, full config context, no CI). Prowler = continuous OPERATIONS (structured findings, SIEM/ticketing integration, GitHub Action CI gate, 600+ checks). Complementary: Scout during audits, Prowler between audits. course2a::sdd05::analysis "Why is the offline HTML report a deliberate design choice? What does it cost?" Three advantages: portable (works anywhere, no server), archivable (snapshot viewable years later), client-deliverable (single file, no portal). COST: no continuous monitoring (it is a snapshot), no API integration (HTML is for humans), no remediation. Assessment, not operations. course2a::sdd05::analysis "What is Scout Suite's key security risk regarding its report?" The report contains FULL cloud configuration (actual security group rules, IAM policies, bucket configs) in a single, easily-exfiltrated file. An attacker who obtains the report has a map of the environment. Govern the report file with the same care as the credentials that produced it. The offline property's flip side: easy to exfiltrate. course2a::sdd05::analysis "What does Scout Suite collect that Prowler's findings do not?" FULL CONFIGURATION — the actual security group rules, IAM policies, bucket configs. Prowler produces pass/fail findings; Scout collects the raw config that GIVES CONTEXT to the finding. The report is a map of the environment, not just a list of failures. course2a::sdd05::analysis "State Scout Suite's score on the 12-module rubric. Why does it score lower than Prowler?" 27/45 (9 scored, 3 n/a). Lower than Prowler's 35/45 on Memory (2), State (2), Tool Design (3) — reflecting narrower scope and snapshot model. BUT matches on Sandboxing (5) and scores 5 on Observability for the report. Scores aren't comparable across tools of different intent; Scout is the report specialist. course2a::sdd05::analysis "Scout Suite license vs Prowler license — what matters?" Scout Suite = GPL-2.0 (copyleft). Prowler = Apache-2.0 (permissive). Relevant if embedding in a commercial product: GPL copyleft obligations apply to derivative works; Apache is commercial-friendly without copyleft. Prowler is safer for commercial embedding. course2a::sdd05::analysis "Name 3 things Scout Suite does BETTER than any other harness in the roster." (1) The offline HTML report artifact (portable, archivable, client-deliverable — no comparable deliverable elsewhere). (2) Full configuration collection (actual rules/policies, not just pass/fail — gives context). (3) Multi-cloud assessment simplicity (one command, one report per cloud). course2a::sdd05::recall "Name 3 things you would fix if you built on Scout Suite." (1) Add a structured JSON output alongside HTML (bridge assessment to operations). (2) Add cross-run diffing (two reports diffed = what changed between assessments?). (3) Deepen the ruleset toward Prowler's check count (borrow Prowler's catalog for assessment breadth). course2a::sdd05::application "Walk through the decision tree: when do you reach for Scout vs Prowler vs SDD-06?" Continuous monitoring → Prowler (SDD-04). Point-in-time audit needing a client report → Scout Suite (SDD-05). Privilege-escalation path analysis → SDD-06 graph tools (pmapper, BloodHound). They answer different questions; a mature program has all three. course2a::sdd05::analysis "Why is Scout Suite read-only, and why does that matter for assessment?" Read-only means it reads config, does not mutate. Safe to run against a client's production cloud during an audit — worst case is a report, not a broken cloud. This is the same property as Prowler and is non-negotiable for assessment tools that run against environments you do not own. course2a::sdd05::analysis "State Scout Suite's Architect's Verdict in one line." The point-in-time multi-cloud assessment baseline (read-only, full-config collection, single offline HTML report); sacrifices continuous monitoring, API integration, and check depth to optimize for the client deliverable; run Scout during audits, Prowler between audits, SDD-06 for escalation paths. course2a::sdd05::recall