Add Jenkins CI/CD Systems to Prisma Cloud Application Security
Table of Contents
Add Jenkins CI/CD Systems to Prisma Cloud Application Security
Integrate Prisma Cloud with your Jenkins server to gain visibility into and monitor the systems, technologies, configurations, and pipelines that make up the Jenkins platform.
Integrating Jenkins will allow you to conduct security scans to identify issues such as CI/CD pipeline risks, vulnerabilities, and exposed secrets in the Jenkins environment, allowing you to understand and fix issues as soon as they are detected.
- In Prisma Cloud Generate and save a Prisma Cloud Access Key ID and secret if you have not yet performed this task.It is recommended to assign the access token the role ofSystem Adminto facilitate integration.
- On the Prisma Cloud console.
- SelectSettings>Code & Build Providers>Add>Jenkins Plugin(under CI/CD Systems).
- SelectAdd Integrationfrom the Jenkins integration wizard.
- Provide aJenkins Instance Display Name>Next.A uniqueJenkins instance identifieris automatically generated after providing the Jenkins instance display name.The display name is an alias of your choice, allowing you to identify the integration.
- SelectDownloadinstep 1of the wizard to download the Prisma Cloud Application Security Jenkins pluginprisma-cloud.hpifile.
- Copy and save the unique Jenkins instance identifier fromstep 2of the wizard.
- SelectDoneThe integration is added in the UI but integration is pending only and will only be completed after completing step 3 below.You can retrieve your Jenkins instance identifier by accessing the integrated Jenkins Plugin (see step 1 above) > selecting theActionsmenu next to an integration in the wizard >Copy instance identifier.
- In Jenkins.
- If your Jenkins server has limited outgoing connections, make sure to permit an outgoing connection from the Jenkins server to Prisma IP addresses. For Prisma Cloud IP addresses see here.
- Install the plugin on your Jenkins server.
- SelectChoose Filein theDeploy Pluginsection > browse for thePrismaCloudPlugin.hpifile >Upload>Deploy.
- Configure the plugin.
- Fill in the provided fields.
- Jenkins Instance Display Name: The alias that you provided in step 2 above.
- Jenkins Instance Identifier: The identifier generated when creating the Jenkins instance display name.
- Access Key ID: Generated in step 1 above
- Access Key Secret: Generated in step 1 above
- Reports Recurrence Period(Value: minutes): The frequency with which reports are generated. We recommend that you do not change the default valueThe Prisma Cloud Application Security module is integrated with your Jenkins system.Always refer to the official Jenkins documentation when installing plugins on Jenkins servers.
- Verify that the Jenkins integration is successful:
- SelectSettings>Code & Build Providers> select theCI/CD Systemstab.
- Verify that the status of theJenkinsintegration underStatusdisplaysSucceeded.You may have to wait for up to three minutes before the status of the integration is updated and displaysSucceeded.
Support for multiple integrations
Prisma Cloud supports multiple integrations for Jenkins instances.
Multiple integrations from a single Prisma Cloud account enables you to:
- View a list of integrations on a single console
- Delete an existing integration
- Add additional Jenkins Plugin integrations.
- SelectSettings>Code & Build Providers>Add>Jenkins Plugin(under CI/CD Systems).
- SelectAdd integrationin the wizard.
- RepeatSteps 1-4of the integration process above.The new integration is displayed on the landing page of the integration wizard. You can view your integrations underCI/CD Systemson theCode & Build Providerspage. The next scan of your Jenkins systems will include the new integrations, and the results will be displayed in Repositories.
Manage Integrations
Manage integrations from the integration wizard.
- Access the Jenkins integration wizard - seestep 1of Support for multiple integrations above > select the menu underActions.
From Actions you can:
- Remove integrations
- Edit integration names
- Copy an instance identifier