Connect VScode with Prisma Cloud Application security

Verify the pre-requisites.
Access Key.
The access key enables access to Prisma Cloud. If you do not have the access key, refer to generate access key. Every IDE user, who needs access to the Prisma Cloud console requires the Developer (minimum) role with access to specific repositories. The Developer role provides view and access to
Fix and Submit
changes to the relevant VCS repositories. If a user has more than one Prisma Cloud Role assigned to them, the access key associated with the default role is used when accessing Prisma Cloud.
Secret Key.
The secret key generates with your access key. Save your secret key when you generate it, as you cannot view it again on Prima Cloud.
Python Installation.
Checkov needs Python to run, install Python version 3.7 or above. If you have a versatile working environment of both pip and virtual environment install Pipenv or Docker.
Prisma Cloud API URL.
When you configure Checkov plugin to VScode (Visual Studio Code) you need Prisma Cloud API URL. The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. The tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io. For Prisma Cloud API URL, replace
app
in the URL with
api
.
Prisma Cloud IP addresses and hostnames that need to be allowed
.
See enable access to the Prisma Cloud Console for what IP addresses and hostnames for Application security need to be allowed for successfully integrating with Prisma Cloud.
Access VScode (Visual Studio Code) on Prisma Cloud Application security.
Select
Settings > Code & Build Provider > Add
.
Select
VScode
.

You will be directed to Visual Studio Code Marketplace.
Install and Enable Checkov on VScode.
Select

Install > Continue > Open Visual Studio Code

and then select

Install

to install Checkov Extension on VScode (Visual Studio Code).



You can optionally choose to access VScode (Visual Studio Code) directly from your system and access Checkov plugin from

Extensions

and then search for the Checkov plugin to install.


Configure Checkov plugin on VScode (Visual Studio Code).
Select
Extension > Extension Settings
.

Add your Prisma Cloud application API for
Checkov:Prisma URL
for example
https://api.prismacloud.io
.

Add your Prisma Cloud access key and secret key as
"Access Key::Secret Key"
for
Checkov:Token
.

You can optionally choose to add a custom CA-Certificate and enter the certificate path to configure for
Checkov:Certificate
. Ensure your CA-Certificate is in ".pem" format.

A Checkov scan runs each time you access a file on VScode (Visual Studio Code).
Fix scanned files for policy misconfiguration in build-time checks.
Select a file. Checkov runs an immediate scan on the file.
View the highlighted policy misconfiguration inline.

Select
Quick Fix
to fix the misconfiguration inline.
You can optionally select
View Problem
to know more about the misconfiguration.

Each misconfiguration has details on the policy violation and guidelines to fix the policy. See here to know more about each of misconfigurations in all supported environments. For custom policy and out-of-the-box misconfigurations you can access the Prisma Cloud Administrator console to know more.