Set Up Transporter Network Tunnels using Docker Containers

Verify the prerequisites.

Add Prisma Cloud IP addresses and hostname
Ensure you add the Prisma Cloud IP addresses and hostname for Application Security to an allow list. In addition, to allow access for`egress` network you are required add the IP addresses to firewall or proxy in use. To know more see enable access to the Prisma Cloud Console.
Access Key
The Prisma Cloud access key enables you to integrate your self-hosted VCS with Prisma Cloud. If you do not have an access key, see generate access key.
Secret Key
The Prisma Cloud secret key generates with the access key. Save your secret key once it is generated, as you cannot see it again on Prima Cloud console.
Install Docker
Transporter Client requires Docker to run in your environment with network access to your self-hosted VCS. In addition, to establish a communication channel with Prisma Cloud you need egress network access.
Certificate and path access
For Transporter to establish a secure webhook connection to your VCS an SSL certificate is required. The webhook is established in your environment, therefore you are required to define the path for the SSL certificate storage path and key.
Limitations
There are hardware limitations you need to consider for Transporter configuration.
When total size of all scanned repositories is under 4 GB - machine with 2 CPU / 8GB RAM (tested on m5.large EC2 instance).
For bigger scale repositories (total size over 4GB) - machine with 4 CPU / 16GB RAM (tested with m5.xlarge EC2 instance).

Access Manage Network Tunnels to configure the Transporter on Prisma Cloud.

Select

Settings > Code & Build Providers > Manage Network Tunnels.



Select

New Transporter

to create a new Transporter.



Configure Transporter on Prisma Cloud.

Add

Transporter Name

.

The Transporter name is a unique helping you group and define multiple connections on Prisma Cloud console.

Ensure the Transporter unique name does not have any spaces between characters.



Add

Transporter URL

and

Port

.

The Transporter URL is a proxy URL with a port number you must define. This information will also be part of the Docker files configured in Transporter, which helps communicate with Prisma Cloud.



Add

Prisma Cloud Access Key

and

Prisma Cloud Secret Key

.



Add

SSL Certificate path

and

SSL Certificate key path

.

This includes the local path of the SSL certificate and key, where the certificate path allows webhooks to integrate with Transporter and certificate key allows WebSockets to communicate over HTTPS.



Ensure the path of the certificate is for the specified Transporter client URL and Port.

Select

Next

to configure deploying the Transporter client.



Provide permissions to pull and run Docker in your environment.

Use the permissions in

Verify and add permissions for set SSL Certificate path

in your terminal. The command defines the permission to use the SSL certificate while defining the local path to the certificate.



Use the Docker pull CLI command in your terminal to pull the Docker image.



You can choose to run the Docker image either Using Docker commands or Docker compose to establish communication between Prisma Cloud and your self-hosted VCS (version control system).



Using Docker commands
You are required to run the additional commands.
Use the

Logs volume

command in your terminal to save the Docker logs as a dedicated volume.



Use the

Docker Run CLI command

in your terminal to run the pulled Docker image.


Docker compose
To run the Docker compose you require additional commands.
Use the
Docker Compose Content
to create and save docker-compose file content that you can later use.

Use the Docker-Compose CLI Command in your terminal to run the docker-compose CLI command.

-d value in the command is used based on the docker compose yml file name.
After the connection is established between the Prisma Cloud and your self-hosted VCS (version control system), the communication required for Transporter to function is through the WebSocket.

Select

Next

after you run the Transporter in your environment.



Select

Done

to complete the integration.



Only after the Transporter has run successfully can Prisma Cloud authenticate and establish a communication channel with your VCS. You should be able to see the Transporter on

Settings > Code & Build Providers > Manage Network Tunnels > Manage Integrations

.



You can add the Transporter to a new or existing VCS integration on Prisma Cloud from

Settings > Code & Build Providers > Add Repository

. Adding the Transporter to an integration establishes the communication channel between the VCS and Prisma Cloud. In this example, the GitLab Self-managed integration to Prisma Cloud uses the Transporter.