Add Azure Repos to Prisma Cloud Code Security
Integrating Prisma Cloud with Azure Repos makes it possible for Cloud Code Security to scan your Infrastructure-as-code files (Terraform and CloudFormation) and monitor configuration issues in development.
As a prerequisite, add the Prisma Cloud IP addresses and hostname for Code Security to an allow list, to enable access to the Prisma Cloud console.
The integration uses OAuth tokens to help you integrate multiple Azure Repos on the Prisma Cloud console. Enable OAuth tokens on Azure Repos to configure multiple organizations from either the same Azure Repos account or a different one.
- Verify prerequisites. For Azure Repos integration with Prisma Cloud Code Security, you need to verify access to the Azure DevOps console to help with authorization and third-party application access using OAuth.
  - Authorization access. Access to Azure DevOps console enables you to grant authorization access to Prisma Cloud during integration to access organizations and repositories associated with your user token.
  - Third-party application access via OAuth. To configure integration either for a single organization or multiple organizations from a single user token, you must enable third-party application access via OAuth on the Azure DevOps console. The third-party application access via OAuth gives Prisma Cloud access to all your organizations associated with your user token.
  - Do not limit authorization scope. To ensure that Prisma Cloud has access to the repositories, ensure "Limit job authorization scope to current project for non-release pipelines" is Off. This can be found in Project Settings > Settings > General.
- Access Azure Repos on Prisma Cloud Code Security.
  - Select Settings > Repositories > Add Repositories.
  - Select Azure Repos.
- Configure Azure Repos account with Prisma Cloud console.
  - Select Authorize to configure an Azure Repos account with Single Organization. You can optionally select Multiple Organization and then Authorize to configure an Azure Repos account with Multiple Organization. If there is an existing Azure Repos integration, you can either continue with a new organization configuration or select Skip to select repositories for a security scan. To Skip an authorization, you must have an existing integration.
  - Access the Azure DevOps console and then select Accept to authorize the Prisma Cloud console to access your organization account and repositories. For an existing Azure Repos integration, you can additionally choose to either Reselect repositories to edit the existing configuration or Revoke OAuth User Token to delete the user token and the associated repositories on the Prisma Cloud console. The configuration is accessible from either single organization or multiple organization. A successful authorization on the Azure DevOps console directs you to the Prisma Cloud console.
- Select repositories for scans.
  - Select a user token to view the associated repositories for a security scan. A user token, by default, is always enabled. You can also configure other user tokens by selecting a specific user token.
  - To select repositories for scan, you can choose from the following options.
    - Permit all existing repositories: Enables Prisma Cloud to scan all existing repositories that are associated with the selected user token.
    - Permit all existing and future repositories: Enables Prisma Cloud to scan all existing repositories and any new repositories that are subsequently associated with the user token.
    - Choose from repository list: This option enables you to select specific repositories for scan. A single repository may be shared across one or more user tokens. In this case, any change made to a shared repository scan applies to all associated user tokens.
  - Select Next to confirm the repository selection and save the changes.
- Verify the Azure Repos integration with Prisma Cloud.
  - A "New integration successfully configured" message appears after integration is successfully set up, and then select Done. The Azure Repos integration you added displays on Settings > Repositories. On Repositories, you can view the new integrated Azure Repos from the VCS User Token column. On Repositories, you can also manage the integration by reselection of repositories and deletion of the repository and the integration.
    - Reselect repositories: Enables you to access the list of repositories for a scan.
    - Delete repository: Enables you to delete repositories for a scan from the account.
    - Manage VCS user tokens: Enables you to integrate one or more Azure Repos accounts. You cannot delete the integration from Repositories for an account integration that supports multiple user tokens.