Arming Cloud Computing Continuum: Hunting vulnerabilities in open source hybrid clouds

In this session, we will present a new extension to Prowler, the widely adopted open-source cloud security auditing tool, adding native support for the OpenNebula cloud management platform.

Our contribution delivers a modular, non-intrusive, and scalable auditing framework that integrates essential services and a growing catalogue of security checks aligned with established reference standards. This extension enables operators to detect misconfigurations and vulnerabilities more effectively, strengthening the overall security posture of OpenNebula deployments.

We will walk through the design and implementation of the tool, share validation results from real test scenarios, and outline how this effort helps democratize cloud security within the open-source ecosystem. Finally, we will discuss opportunities for community-driven collaboration to expand and evolve this new security auditing capability.