Add AWS Code Build to Prisma Cloud Application Security
Table of Contents
Add AWS Code Build to Prisma Cloud Application Security
Integrate Prisma Cloud Application Security with AWS Code Build to scan your Infrastructure-as-Code (IaC) files, view incidents on the console, and configure whether or not a build fails based on the severity of the violation.
As a prerequisite you are required to add the Prisma Cloud IP addresses and hostname for Application Security to an allow list, to enable access to the Prisma Cloud Console.
- SelectSettings > Repositories > Add Repository > AWS Code Build.
- Enter the command in to the CLI, then selectNext.Copy and the paste the command that displays on-screen.
- Set up thebuildspec.yamlconfiguration, then selectDone.Use the on-screen sample as a reference to configure the buildspec file for AWS CodeBuild. A buildspec is a collection of build commands and related settings, in YAML format, that CodeBuild uses to run a build. Save this file in the root (top level) directory.
You can see the AWS CodeBuild repositories configured with the buildspec file onSettings > RepositoriesonCode Repositories. On your next AWS CodeBuild scan, the scan results will include the newly configured repositories. You can view the scan results onApplication Security > ProjectsonOverview.You can see here to Suppress or Fix the policy misconfigurations.