Add Azure Repos to Prisma Cloud Code Security

Integrating Prisma Cloud with Azure Repos makes it possible for Cloud Code Security to scan your Infrastructure-as-code files (Terraform and CloudFormation) and monitor configuration issues in development. As a prerequisite, add the Prisma Cloud IP addresses and hostname for Code Security to an allow list, to enable access to the Prisma Cloud console. The integration uses OAuth tokens to help you integrate multiple Azure Repos on the Prisma Cloud console. Enable OAuth tokens on Azure Repos to configure multiple organizations from either the same Azure Repos account or a different one.
  1. Verify prerequisites.
    For Azure Repos integration with Prisma Cloud Code Security, you need to verify access to the Azure DevOps console to help with authorization and third-party application access using OAuth.
    • Authorization access.
      Access to Azure DevOps console enables you to grant authorization access to Prisma Cloud during integration to access organizations and repositories associated with your user token.
    • Third-party application access via OAuth.
      To configure integration either for a single organization or multiple organizations from a single user token, you must enable third-party application access via OAuth on the Azure DevOps console.
      The third-party application access via OAuth gives Prisma Cloud access to all your organizations associated with your user token.
  2. Access Azure Repos on Prisma Cloud Code Security.
    1. Select
      Settings > Repositories > Add Repositories
      .
    2. Select
      Azure Repos
      .
  3. Configure Azure Repos account with Prisma Cloud console.
    1. Select
      Authorize
      to configure an Azure Repos account with Single Organization.
      You can optionally select
      Multiple Organization
      and then
      Authorize
      to configure an Azure Repos account with Multiple Organization.
      If there is an existing Azure Repos integration, you can either continue with a new organization configuration or select
      Skip
      to select repositories for a security scan.
      To Skip an authorization, you must have an existing integration.
    2. Access the Azure DevOps console and then select
      Accept
      to authorize the Prisma Cloud console to access your organization account and repositories.
      For an existing Azure Repos integration, you can additionally choose to either
      Reselect repositories
      to edit the existing configuration or
      Revoke OAuth User Token
      to delete the user token and the associated repositories on the Prisma Cloud console. The configuration is accessible from either single organization or multiple organization.
      A successful authorization on the Azure DevOps console directs you to the Prisma Cloud console.
  4. Select repositories for scans.
    1. Select a user token to view the associated repositories for a security scan.
      A user token, by default, is always enabled. You can also configure other user tokens by selecting a specific user token.
    2. To select repositories for scan, you can choose from the following options.
      • Permit all existing repositories
        : Enables Prisma Cloud to scan all existing repositories that are associated with the selected user token.
      • Permit all existing and future repositories
        : Enables Prisma Cloud to scan all existing repositories and any new repositories that are subsequently associated with the user token.
      • Choose from repository list
        : This option enables you to select specific repositories for scan.
        A single repository may be shared across one or more user tokens. In this case, any change made to a shared repository scan applies to all associated user tokens.
    3. Select
      Next
      to confirm the repository selection and save the changes.
  5. Verify the Azure Repos integration with Prisma Cloud.
    1. A
      New integration successfully configured
      message appears after integration is successfully set up, and then select
      Done
      .
      The Azure Repos integration you added displays on
      Settings > Repositories.
      On
      Repositories
      you can view the new integrated Azure Repos from
      VCS User Token
      column.
      On
      Repositories
      , you can also manage the integration by reselection of repositories and deletion of the repository and the integration.
      • Reselect repositories
        : Enables you to access the list of repositories for a scan.
      • Delete repository
        : Enables you to delete repositories for a scan from the account.
      • Manage VCS user tokens
        : Enables you to integrate one or more Azure Repos accounts.
        You cannot delete the integration from
        Repositories
        for an account integration that supports multiple user tokens.
        After a code security scan, access
        Code Security > Projects
        to view the latest integrated Azure Repos repository to Suppress or Fix the policy misconfigurations.

Recommended For You