Add Azure Repos to Prisma Cloud Code Security

Integrating Prisma Cloud with Azure Repos makes it possible for Cloud Code Security to scan your Infrastructure-as-code files (Terraform and CloudFormation) and monitor configuration issues in development. As a prerequisite, add the Prisma Cloud IP addresses and hostname for Code Security to an allow list, to enable access to the Prisma Cloud console. The integration uses OAuth tokens to help you integrate multiple Azure Repos on the Prisma Cloud console. Enable OAuth tokens on Azure Repos to configure multiple organizations from either the same Azure Repos account or a different one.
  1. Verify prerequisites.
    For Azure Repos integration with Prisma Cloud Code Security, you need to verify access to the Azure DevOps console to help with authorization and third-party application access using OAuth.
    • Authorization access.
      Access to the Azure DevOps console enables you to grant authorization access to Prisma Cloud during integration, so that it can access the organizations and repositories associated with your user token.
    • Third-party application access via OAuth.
      To configure integration either for a single organization or multiple organizations from a single user token, you must enable third-party application access via OAuth on the Azure DevOps console.
      The third-party application access via OAuth gives Prisma Cloud access to all your organizations associated with your user token.
    • Do not limit authorization scope.
      To ensure that Prisma Cloud has access to the repositories, ensure "Limit job authorization scope to current project for non-release pipelines" is Off. This can be found in Project Settings > Settings > General.
  2. Access Azure Repos on Prisma Cloud Code Security.
    1. Select Settings > Repositories > Add Repositories.
    2. Select Azure Repos.
  3. Configure Azure Repos account with Prisma Cloud console.
    1. Select Authorize to configure an Azure Repos account with Single Organization.
      You can optionally select Multiple Organization and then Authorize to configure an Azure Repos account with Multiple Organization.
      If there is an existing Azure Repos integration, you can either continue with a new organization configuration or select Skip to select repositories for a security scan.
      To Skip an authorization, you must have an existing integration.
    2. Access the Azure DevOps console and then select Accept to authorize the Prisma Cloud console to access your organization account and repositories.
      For an existing Azure Repos integration, you can additionally choose to either Reselect repositories to edit the existing configuration or Revoke OAuth User Token to delete the user token and the associated repositories on the Prisma Cloud console. The configuration is accessible from either single organization or multiple organization.
      A successful authorization on the Azure DevOps console directs you to the Prisma Cloud console.
  4. Select repositories for scans.
    1. Select a user token to view the associated repositories for a security scan.
      A user token, by default, is always enabled. You can also configure other user tokens by selecting a specific user token.
    2. To select repositories for scan, you can choose from the following options.
      • Permit all existing repositories: Enables Prisma Cloud to scan all existing repositories that are associated with the selected user token.
      • Permit all existing and future repositories: Enables Prisma Cloud to scan all existing repositories and any new repositories that are subsequently associated with the user token.
      • Choose from repository list: This option enables you to select specific repositories for scan.
        A single repository may be shared across one or more user tokens. In this case, any change made to a shared repository scan applies to all associated user tokens.
    3. Select Next to confirm the repository selection and save the changes.
  5. Verify the Azure Repos integration with Prisma Cloud.
    1. A New integration successfully configured message appears after the integration is set up. Select Done.
      The Azure Repos integration you added is displayed on Settings > Repositories.
      On Repositories, you can view the newly integrated Azure Repos in the VCS User Token column.
      On Repositories, you can also manage the integration by reselecting repositories or deleting the repository and the integration.
      • Reselect repositories: Enables you to access the list of repositories for a scan.
      • Delete repository: Enables you to delete repositories for a scan from the account.
      • Manage VCS user tokens: Enables you to integrate one or more Azure Repos accounts.
        You cannot delete the integration from Repositories for an account integration that supports multiple user tokens.
      After a code security scan, access Code Security > Projects to view the latest integrated Azure Repos repository and to Suppress or Fix the policy misconfigurations.
