Add Checkov to Prisma Cloud Code Security

Integrating Prisma Cloud with Checkov makes it possible for Prisma Cloud Code Security to scan your infrastructure as code files (Terraform and CloudFormation), display Incidents on the Console and, optionally, cause a build to fail. For more details, see Checkov. As a prerequisite, make sure you can reach the Prisma Cloud IP addresses and hostname for Code Security. If the Prisma Cloud IP addresses are blocked, add them to an allow list so that the Prisma Cloud IP addresses and hosts are reachable.
  1. Select Settings > Repositories > Add repository > Checkov.
  2. Install Checkov by choosing Python (pip) or Python3 (pip3), copy the corresponding command to your command line, and then select Next.
     Checkov requires Python version 3.8 - 3.10.
  3. Enter the Directory and Repository ID to scan, and select Next.
     You can optionally add the Branch details. If a target branch is not specified, Code Security scans the master branch.
     You can use the wizard to generate a command to run in your CLI tool for Checkov's most common use case.
  4. Copy the provided command to your command line and trigger Checkov, then select Done.
     Your configured Checkov repositories appear on the Repositories page. On your next Checkov scan, the scan results include the newly configured repositories. Open Code Security to view the scan results.

General Patterns for Using Checkov

When using Checkov in a pipeline or locally, here are some useful commands to get started:
For more CLI commands, refer to the CLI reference.
The following example shows how to configure Checkov to scan the root directory, synchronize results with the tenant in the App2 stack, give it the repository ID org/repo, and use the Enforcement rule settings from the platform for thresholds:
    export PRISMA_API_URL=https://api2.prismacloud.io
    export BC_API_KEY=prismaaccesskey::prismasecretkey
    checkov -d . --repo-id org/repo --use-enforcement-rules
For Windows, use:
    set PRISMA_API_URL=https://api2.prismacloud.io
    set BC_API_KEY=prismaaccesskey::prismasecretkey
    checkov -d . --repo-id org/repo --use-enforcement-rules
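The following wrapper script is an added example, not Prisma Cloud's or Checkov's own code. It wraps the command above for use in a CI job: it checks that PRISMA_API_URL is set, that BC_API_KEY has the accesskey::secretkey shape, and that the local Python is within the 3.8 - 3.10 range Checkov requires, then runs the scan and returns checkov's exit status so a policy failure under the platform's Enforcement rules fails the build. The variables REPO_ID, SCAN_DIR and RUN_CHECKOV_SCAN, and the file name checkov_wrapper.sh, are assumptions for this example; checkov itself is assumed to be installed via pip or pip3 as in step 2.

```shell
#!/bin/sh
# Added example: a pipeline wrapper around the checkov command shown on this
# page (not Prisma Cloud's or Checkov's own script). Assumes checkov is on
# PATH and PRISMA_API_URL / BC_API_KEY are exported as shown above. REPO_ID,
# SCAN_DIR and RUN_CHECKOV_SCAN are assumed variable names for this example.

# Return 0 when a Python "major.minor[.patch]" string is within the range
# Checkov supports (3.8 - 3.10), non-zero otherwise.
python_version_supported() {
  pv_major=${1%%.*}
  pv_rest=${1#*.}
  pv_minor=${pv_rest%%.*}
  [ "$pv_major" -eq 3 ] && [ "$pv_minor" -ge 8 ] && [ "$pv_minor" -le 10 ]
}

# Return 0 when the key has the "accesskey::secretkey" shape BC_API_KEY
# expects: exactly one "::" separator with a non-empty value on each side.
api_key_well_formed() {
  case "$1" in
    *::*) ;;
    *) return 1 ;;
  esac
  ak_access=${1%%::*}
  ak_secret=${1#*::}
  [ -n "$ak_access" ] && [ -n "$ak_secret" ] && [ "${ak_secret#*::}" = "$ak_secret" ]
}

# Compose the checkov invocation from this page. Only the directory and the
# repository ID are interpolated; the key stays in the environment and is
# never written to the pipeline log.
build_checkov_cmd() {
  printf 'checkov -d %s --repo-id %s --use-enforcement-rules\n' "$1" "$2"
}

# Validate the environment, run the scan, and propagate checkov's exit status
# so that a failing Enforcement threshold fails the build.
run_scan() {
  scan_dir=${1:-.}
  repo_id=$2
  [ -n "$repo_id" ] || { echo "usage: run_scan DIR REPO_ID" >&2; return 2; }
  [ -n "${PRISMA_API_URL:-}" ] || { echo "PRISMA_API_URL is not set" >&2; return 2; }
  api_key_well_formed "${BC_API_KEY:-}" \
    || { echo "BC_API_KEY must look like accesskey::secretkey" >&2; return 2; }
  py_ver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])') || return 2
  python_version_supported "$py_ver" \
    || { echo "Python $py_ver is outside the supported range 3.8 - 3.10" >&2; return 2; }
  echo "Running: $(build_checkov_cmd "$scan_dir" "$repo_id")"
  checkov -d "$scan_dir" --repo-id "$repo_id" --use-enforcement-rules
}

# Only run when explicitly requested, so the functions can also be sourced.
if [ "${RUN_CHECKOV_SCAN:-0}" = 1 ]; then
  run_scan "${SCAN_DIR:-.}" "${REPO_ID:-}"
fi
```

In a pipeline you would run it as `RUN_CHECKOV_SCAN=1 REPO_ID=org/repo sh checkov_wrapper.sh` after exporting PRISMA_API_URL and BC_API_KEY as secret variables; a non-zero exit from checkov then fails the job, which is the build-failing behaviour the introduction describes as optional.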
