: Fine Tune Your Configuration Settings

Fine Tune Your Configuration Settings

Table of Contents

Fine Tune Your Configuration Settings

Once your code repositories are integrated, you can modify your configuration to specify how Prisma Cloud scans your code. This includes:

Exclude Paths from Application Security scans

Configure your application security scan by adding rules to an integrated repository. New rules are scanned only for a single defined repository. However, you can configure multiple repositories to a defined rule.
By default, Prisma Cloud scans all paths in all repositories. You can add a rule to specify which repository paths to exclude when scanning. Before you begin adding rules, disable the default configuration for all repositories.
  1. Select
    Settings > Code Configuration
    to configure your integrated repository.
  2. Enable repositories to scan.
    1. Select specific repositories
      From Repositories
  3. Enter paths to exclude from the repository.
    1. Type paths to exclude within the selected repository.
      Use comma (,) to list more than one file or path.
      In this example, On Enter Paths, type test, _test, \/test\/ this will exclude any path or file with the specified context.
  4. Select
    Add Rule
    to add the rule with excluded paths to your code configuration.
    1. Select
      to save your new rule of paths to be excluded during a application security scan.

Enable Notifications

Enable Prisma Cloud to send notifications for Application Security scan results to an external integration. Prisma Cloud Application Security supports notifications to Microsoft Teams, Slack, Splunk, JIRA, ServiceNow and Webhooks only.
Prisma Cloud Application Security sends notifications to the supported integrations for all new findings detected in periodic scans, on-demand scans triggered using
Scan Now
, and CI/CD scans. This means that when you configure notifications for a repository that has already been scanned, you will not get notifications for the issues that currently exist, but you will get notifications for new issues on subsequent scans.
VCS pull request scans do not trigger notifications, because PR scans already get notifications in the PR itself in the form of comments and pipeline scans. However, when a PR gets merged and introduces new findings on the default branch, then those findings generate alerts on the next periodic scan.
By default, Notifications are disabled. See Configure External Integrations on Prisma Cloud to set up an integration. After you have set it up, you must first enable notifications, modify the default rule that scans all paths in all repositories and add new rules for your notification preferences.
  1. Select
    Settings > Application Security Configuration
    and enable
  2. Set up your notification preferences.
    1. Enable repositories you want to scan.
    2. Select the Name or ID of the integration.
    3. Select the policy severity threshold.
      You can choose for severity higher than High, Medium or Low.
    4. Specify any policies to exclude during the scan.
  3. Add Rule
    to add more granular notification configuration.
  4. Save
    your changes.

Recommended For You