Add GitLab Runner to Prisma Cloud Code Security

Run Prisma Cloud Code Security as a stage in your GitLab CI/CD pipeline to identify and block vulnerabilities and misconfiguraitons. View the scan results in GitLab or on the Prisma Cloud administrative console.
As a prerequisite you are required to add the Prisma Cloud IP addresses and hostname for Code Security to an allow list, to enable access to the Prisma Cloud Console. Also, have your Prisma Access Key and Prisma Secret Key available.
  1. Add your Prisma Access Key and Prisma Secret Key as GitLab environment variables using the variable names PRISMA_ACCESS_KEY and PRISMA_SECRET_KEY
  2. Either directly create or edit the .gitlab-ci.yml or go to
    CI/CD > Editor
    and add the following job code to an appropriate stage
    stages: - validate prisma-cloud: variables: PRISMA_API_URL: image: name: bridgecrew/checkov:latest entrypoint: - '/usr/bin/env' - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' stage: validate script: - checkov -d . --bc-api-key $PRISMA_ACCESS_KEY::$PRISMA_SECRET_KEY --repo-id $CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME --branch $CI_COMMIT_REF_NAME -s - checkov -d . -o junitxml > prismacloud.xml artifacts: paths: - prismacloud.xml reports: junit: prismacloud.xml
    You will need to modify the PRISMA_API_URL to the API URL for your Prisma Cloud stack. The list of URLs can be found here.
    This will automatically scan and display results in the Tests section on GitLab and on the Prisma Cloud console.

Recommended For You