Quick Start for Beginners

Begin here to get up and running with Prisma Cloud Application Security.
  1. Get set up for monitoring your code and build environments.
    1. Enable Application Security on the Prisma Cloud platform.
    2. Manage License Types for Application Security.
    3. Manage user roles and permissions for Application Security.
    4. Integrate Code & Build Providers, including version control systems (VCS) such as GitHub and GitLab, CI/CD systems such as GitHub Actions and Jenkins, and package registries. In addition, you can integrate your IDEs to give developers real-time scan results and inline fix suggestions while they write code.
      When integrating an on-premises system, you first need to allow traffic to Prisma Cloud IPs. Refer to the corresponding integration guide for details.
  2. Gain visibility into your security posture.
    Application Security provides insights on:
    • Repositories: A comprehensive view of your engineering technical stack from repository to deployment through a repository-based view.
      The repositories displayed are limited to those that you selected when onboarding your VCS. To ensure complete visibility, we recommend selecting all repositories during VCS onboarding. In addition, only repositories that the user has been granted access to, as defined by their designated role, will be displayed.
    • Technologies: An inventory of the technologies in use across an organization’s software development and delivery lifecycle, such as GitHub, Jenkins, AWS ECR and Docker Hub, as well as third-party artifacts, tools and services (for example, Jenkins plugins) used to develop applications in your engineering ecosystem.
    • Supply Chain: A code-centric view of your infrastructure and application security, visualized through a supply chain graph that provides real-time auto-discovery of potentially misconfigured infrastructure and application files.
    • SBOM: A comprehensive list of all open-source packages, third-party services and tools used in the code, allowing you to identify vulnerabilities and their severity.
    • Application Security Dashboard: A unified view of the top application security vulnerabilities and misconfigurations detected in code across all systems integrated with Prisma Cloud.
  3. Prevent and fix issues detected in a scan.
    • Projects: A repository-based view of all your application security scans across your VCS and CI/CD systems, including insights into IaC misconfigurations, SCA vulnerabilities, secrets and license issues, allowing you to take remediation actions.
    • Code Reviews: Find and fix issues in pull requests and merge requests from a specific branch of a repository.
    • Enforcement: Configure code review scan parameters and customize violation failures and comments for repository scans to reduce unnecessary noise and to keep developers productive without weakening security.
    • CI/CD Risks: View, assess and prioritize CI/CD risks, and implement the suggested solutions for resolving them.
  4. Enable alert notifications to your ecosystem.
    Resolve security issues as soon as they are detected by setting up notifications for new code and CI/CD security issues found during periodic scans of your environments. These alerts are sent to the messaging systems that you have integrated with Prisma Cloud. For more information, refer to Enable Notifications.