Connect IntelliJ with Prisma Cloud Code Security

Integrating IntelliJ with Prisma Cloud Code Security lets you identify misconfigurations before you commit your code, and avoid pull requests that fail builds because of misconfigurations that were never detected locally. The integration uses Checkov, a static analysis tool that scans Infrastructure-as-Code (IaC) files from frameworks such as Terraform, Terraform plan output, CloudFormation, Azure Resource Manager (ARM), Serverless, Dockerfile (the file contents only), and Kubernetes, and also scans for hard-coded secrets. Running Checkov in IntelliJ gives you immediate detection of misconfigurations and inline code fixes. Apart from scanning against the default Prisma Cloud policies, Checkov also reports violations of the custom policies you configure as custom build-time checks.
As a prerequisite you are required to add the Prisma Cloud IP addresses and hostname for Code Security to an allow list, to enable access to the Prisma Cloud Console.
  1. Verify the pre-requisites.
    For IntelliJ, get the details for enabling authentication to Prisma Cloud.
    • Access Key.
      The access key enables access to Prisma Cloud. If you do not have the access key, refer to generate access keys.
    • Secret Key.
      The secret key is generated together with your access key. Save the secret key when you generate it, because you cannot view it again in Prisma Cloud.
    • Python Installation.
      Checkov runs on Python, so install Python 3.7 or later. If you work with both pip and virtual environments, install Pipenv; alternatively, run Checkov in Docker.
    • Prisma Cloud API URL.
      When you configure the Checkov plugin in IntelliJ you need the Prisma Cloud API URL. The URL varies depending on the region and cluster on which your tenant is deployed; the tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io. To obtain the Prisma Cloud API URL, replace "app" in that URL with "api" (for the examples above, https://api2.prismacloud.io or https://api.eu.prismacloud.io).
  2. Access IntelliJ on Prisma Cloud Code Security.
    1. Select Settings > Repositories > Add Repositories.
    2. Select IntelliJ.
      You will be directed to the JetBrains Marketplace.
  3. Enable and install Checkov on IntelliJ.
    1. Select Get and then select Download for the latest Checkov plugin version.
    2. Access IntelliJ > Plugins > Settings > Install Plugin from Disk.
    3. Select the path to the downloaded plugin and then select Open to enable the Checkov plugin in IntelliJ.
    4. Access IntelliJ IDEA > Preferences > Plugins > Marketplace and then select Install.
      Alternatively, open IntelliJ directly on your system, go to IntelliJ IDEA > Preferences > Plugins > Marketplace, and search for the Checkov plugin to install it.
  4. Configure Checkov plugin on IntelliJ.
    1. Select IntelliJ IDEA > Preferences > Tools > Checkov.
    2. Enter your Prisma Cloud access key and secret key, joined as "Access Key::Secret Key", in the Token (Required) field. The token grants access to your Prisma Cloud tenant, so treat the IDE settings that store it as sensitive.
    3. Enter the Prisma Cloud API URL you derived in the prerequisites (the tenant URL with "app" replaced by "api") in the Prisma URL (Required if using Prisma Cloud Access Token) field.
      Optionally, enter the path to a custom CA certificate in the CA-Certificate field, for example when an intercepting proxy re-signs TLS traffic to Prisma Cloud. The certificate must be in ".pem" format.
    4. Select OK.
      A Checkov scan runs each time you open a file in IntelliJ.
  5. Fix scanned files for policy misconfiguration in build-time checks.
    1. Select File > Policy misconfiguration and then select Fix for Checkov to apply the fix for the misconfiguration.
      Each misconfiguration includes details of the policy violation and guidelines for fixing it, for every supported framework. For both custom policies and out-of-the-box misconfigurations, the Prisma Cloud Administrator console provides further detail.
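The procedure above comes down to three inputs: a token of the form "Access Key::Secret Key", the API URL derived from your tenant URL, and a Python 3.7 or later interpreter for Checkov. The following POSIX shell script is an added example, not part of the Prisma Cloud documentation or the plugin: it checks those inputs the way a practitioner would before opening the IDE, then scans a constructed Terraform file with the Checkov command line using the same token and API URL the plugin uses. The tenant URL, the environment variable names PRISMA_ACCESS_KEY and PRISMA_SECRET_KEY, the repository id and the Terraform resource are placeholders; --bc-api-key and --prisma-api-url are Checkov CLI options, and --repo-id is assumed to be the owner/name string Checkov uses to label the repository in the console when it uploads results.

```shell
#!/usr/bin/env sh
# Added example (not from the Prisma Cloud page): validate the three inputs
# the Checkov plugin needs and run the same scan from the command line.
# All URLs, key names and resources below are placeholders.

# Derive the Prisma Cloud API URL from the tenant (app) URL by replacing the
# leading "app" of the hostname with "api", as the prerequisites describe.
derive_api_url() {
  printf '%s\n' "$1" | sed 's#^https://app#https://api#'
}

# Build the "Access Key::Secret Key" token the plugin's Token field expects.
make_token() {
  printf '%s::%s\n' "$1" "$2"
}

# A token is well formed only if it has exactly one "::" with both halves set.
token_is_valid() {
  case "$1" in
    ::*|*::) return 1 ;;      # missing access key or secret key
    *::*::*) return 1 ;;      # more than one separator
    *::*)    return 0 ;;
    *)       return 1 ;;      # no separator at all
  esac
}

# Check a "major.minor[.patch]" Python version string against Checkov's 3.7 floor.
python_version_ok() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  if [ "$major" -gt 3 ]; then return 0; fi
  if [ "$major" -eq 3 ] && [ "$minor" -ge 7 ]; then return 0; fi
  return 1
}

main() {
  tenant_url="https://app2.prismacloud.io"   # placeholder tenant URL
  api_url=$(derive_api_url "$tenant_url")

  # Keys come from the environment, never from the script, so the token is not
  # left in a file the way a hard-coded credential would be.
  access_key=${PRISMA_ACCESS_KEY:-}
  secret_key=${PRISMA_SECRET_KEY:-}

  if command -v python3 >/dev/null 2>&1; then
    pyver=$(python3 -c 'import sys; print("%d.%d.%d" % sys.version_info[:3])')
    python_version_ok "$pyver" || echo "warning: Python $pyver is older than 3.7" >&2
  fi

  # Constructed Terraform input: a bucket that is world-readable, the kind of
  # misconfiguration the plugin flags inline (placeholder resource).
  workdir=$(mktemp -d)
  cat > "$workdir/main.tf" <<'EOF'
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"   # flagged: bucket is readable by anyone
}
EOF

  if command -v checkov >/dev/null 2>&1 && [ -n "$access_key" ] && [ -n "$secret_key" ]; then
    token=$(make_token "$access_key" "$secret_key")
    token_is_valid "$token" || { echo "malformed Access Key::Secret Key token" >&2; exit 1; }
    # Same inputs the plugin uses: token via --bc-api-key, API URL via --prisma-api-url.
    # --repo-id (placeholder value) labels the repository for the console.
    checkov -f "$workdir/main.tf" --bc-api-key "$token" \
      --prisma-api-url "$api_url" --repo-id example-org/example-repo
  else
    echo "checkov not installed or PRISMA_ACCESS_KEY/PRISMA_SECRET_KEY unset;" >&2
    echo "would scan $workdir/main.tf against $api_url" >&2
  fi
  rm -rf "$workdir"
}

main "$@"
```

Run it with PRISMA_ACCESS_KEY and PRISMA_SECRET_KEY exported and Checkov installed to see the same public-bucket finding the IDE plugin reports, uploaded to the tenant behind the derived API URL; without them the script only reports which command it would run. Exporting the keys as environment variables rather than pasting them into the script mirrors the caution the plugin settings deserve, since the combined token is a full credential for your tenant.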

Troubleshoot Logs

If a Checkov scan fails, the IntelliJ log contains the details.
  1. In IntelliJ, select Help > Show Log in Explorer on Windows or Help > Show Log in Finder on Mac.
  2. Open idea.log to see the log details.
