Table of Contents
End-of-Life (EoL)

Code repo scanning

Both twistcli and the Jenkins plugin can evaluate package dependencies in your code repositories for vulnerabilities.
The runtimes supported are:
  • Go
  • Java
  • Node.js
  • Python
  • Ruby

Integrate code scanning into CI builds

Point the Jenkins plugin to your code repo in the build directory.
  1. In your Jenkins job configuration, click
    Add build step
    , and select
    Scan Prisma Cloud Code Repositories
  2. Configure the repo scan.
    1. In
      Repository Name
      , specify the name to be used when reporting the results in Console.
    2. In
      Repository path
      , specify the path to the repo in the build directory.
      For example, it could simply be the current working directory (.) or some relative directory.
  3. Click
    , and then execute a build job.
    To see the scan results, log into Console, and go to
    Monitor > Vulnerabilities > Code repositories > CI
    . Prisma Cloud evaluates the contents of the repo according to the policy you’ve specified in
    Defend Vulnerabilities > Code repositories > CI
    . Prisma Cloud ships with a single default rule that alerts on all vulnerabilities.

Use twistcli to scan repos in the CI

If you’re using a CI tool other than Jenkins, Prisma Cloud ships a command line utility that can be invoked from the shell in the build pipeline.
For more information, see code repo scanning with twistcli.

Recommended For You