Prisma Cloud Compute Edition Administrator’s Guide
    : Code repo scanning
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Continuous integration
    6. Code repo scanning
    Download PDF

    Prisma Cloud Compute Edition Administrator’s Guide

    Code repo scanning

    Table of Contents
    End-of-Life (EoL)

    Code repo scanning

    Both twistcli and the Jenkins plugin can evaluate package dependencies in your code repositories for vulnerabilities.
    The runtimes supported are:
    • Go
    • Java
    • Node.js
    • Python
    • Ruby

    Integrate code scanning into CI builds

    Point the Jenkins plugin to your code repo in the build directory.
    1. In your Jenkins job configuration, click
      Add build step
      , and select
      Scan Prisma Cloud Code Repositories
      .
    2. Configure the repo scan.
      1. In
        Repository Name
        , specify the name to be used when reporting the results in Console.
      2. In
        Repository path
        , specify the path to the repo in the build directory.
        For example, it could simply be the current working directory (.) or some relative directory.
    3. Click
      Save
      , and then execute a build job.
      To see the scan results, log into Console, and go to
      Monitor > Vulnerabilities > Code repositories > CI
      . Prisma Cloud evaluates the contents of the repo according to the policy you’ve specified in
      Defend Vulnerabilities > Code repositories > CI
      . Prisma Cloud ships with a single default rule that alerts on all vulnerabilities.

    Use twistcli to scan repos in the CI

    If you’re using a CI tool other than Jenkins, Prisma Cloud ships a command line utility that can be invoked from the shell in the build pipeline.
    For more information, see code repo scanning with twistcli.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.