1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Code Security
    5. Get Started with Prisma Cloud Code Security
    6. Prisma Cloud Code Security Dashboard

    Prisma Cloud Code Security Dashboard

    The Code Security dashboard provides you with a unified view of the top code security vulnerabilities and misconfigurations identified in scans across the code integrations that you have connected on Prisma Cloud. It gives you a contextual understanding of high priority errors that require attention across these vectors:
    • High-risk code errors by severity
    • Historical data for code issues and pull requests
    • Common policy errors
    • Licensing errors in non-compliant packages
    • IaC errors in code categories
    • Vulnerabilities seen in CVE from CVSS score
    You can view the dashboard on
    Dashboards > Code Security
    . The Code Security dashboard is only available if you have subscribed to Code Security on Prisma Cloud. To know more on user role permissions see Prisma Cloud Administrator Permissions.

    Total Errors

    The
    Total Errors
     bar provides a summary of code errors across severity of Critical, High, Medium, Low and Info. You can see custom results for all Code Security errors using filters that allow you to narrow your investigation to a specific
    Repository, Code Category
     or
    Severity
     . You can select multiple repositories, code categories and severity at once to narrow your investigation to find critical errors that may need immediate remediation . Filtering the data updates all visualizations on the dashboard. The reset filters allow you to revert back to default filter settings. You can also see contextual results for code errors by severity when selecting the number corresponding to the severity giving you access to the results on
    Code Security > Projects > Overview
    . On
    Projects
     you can execute remedial actions if necessary.

    Code Errors Visualization

    The code errors are actionable and are grouped in these areas:
    • High-risk code errors by severity
      : The
      Top Repositories buy High Risk Code Error Count
       provides a bar graph visualization of the top trending repositories to have a maximum number of Critical or High severity errors. The representing data is periodically updated, and you can verify the accuracy of the last scan by hovering on the timestamp.
    • Historical data for code issues and pull requests
      : View the trend for code errors and pull requests for repositories that are scanned using Prisma Cloud.
      • Code Issues over time
        : Visualizes the trendline of code errors from the last 30 days of a default branch in an integrated repository . The data also gives you an understanding of when the errors occurred by monitoring data on
        Opened Earlier
        ,
        Fix Pending
        , and
        Suppressed
        . You can also see if any remedial actions were taken on the same day by monitoring data on
        Fixed Today
         and
        Opened Today
        .
      • Pull Requests over time
        : Visualizes a trendline of pull requests created on specific branches of integrated repositories from the last 30 days. Monitor the vulnerability status of the PR across
        Failed Earlier
        ,
        Failed Today
        ,
        Resolved
         and
        Passed
        .
    • Common policy errors
      : The
      Common Errors by Policy
       provides a view of policies that have the highest error count. The data contextualized here is after periodic scans with timestamp available for you to see. With the high count of errors within a policy, you can also have information of the type of policy by
      Labels
      , and the
      Severity
      . Selecting the policy directs you to
      Policies
       for more actionable information. While selecting the error count directs you to
      Code Security > Projects > Overview
       to execute a remedial action if necessary.
    • Licensing errors in non-compliant packages
      : The
      Top Non-compliant Package licenses
       provides insight into non-compliant package licenses that are being used in the repositories. The data shows the number of repositories that are potentially exposed due to usage of non-compliant package licenses. The count shows the total number of instances the non-compliant package is used. Selecting the count directs you to
      Code Security > Projects > Overview
       with the non-compliant package already filtered. You can choose to execute a manual remedial action on
      Overview
       if necessary.
    • IaC errors in code categories
      : The IaC Errors by Category provides a summarized view for misconfigurations seen in IaC category. The count in each category is the number of misconfigurations identified and on selecting the count directs you to
      Code Security > Projects > IaC Misconfiguration
       where you can choose to execute a remedial action on
      Resource Explorer
      .
    • Vulnerabilities seen in CVE from CVSS score
      : The
      Top CVSS Score Code Vulnerabilities
       lists the highest CVSS score identified across vulnerability scans. You also see the Risk Factors, the potentially compromised CVE with
      Severity
      , and
      Count
      . Selecting the count directs you to
      Code Security > Projects > Vulnerabilities
       with the CVE errors preselected.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo