Table of Contents
Code Reviews
On Prisma Cloud view insights into misconfigurations and vulnerabilities identified by default policies using Enforcement, a configuration parameter that enables you to set a custom threshold for code reviews performed on your integrated repositories.
The insights to your scan are time based; that is, you can view the latest scans or choose to navigate across the scan result history to investigate and identify any misconfigurations or violations in your repository. In addition, these insights enable you to prioritize new and existing issues identified in your repository through a graphical representation of the scan results you can search, sort and customize.
Code Reviews display the global view of all the scan results from your integrated VCS (Version Control System) repositories and CI/CD repositories on the Prisma Cloud console. The graphical representation of the insights from the scan results helps you identify the total number of issues in a code review with the total number of failed, passed and suppressed issues. You can view up to 1000 latest scans and get insights into 20 code reviews that include all scan parameters of failed, passed and suppressed issues.
In addition, using Enforcement, a configuration for your CI/CD and VCS repositories, you are customizing your scan results to fail or pass at a specific threshold for each repository.
The tabulated insights are structured to list the latest scan first, thus enabling you to prioritize critical issues.
You can also choose to re-configure the Enforcement corresponding to the repository using Manage Enforcement.
Code Reviews Graph
Each time you access Code Reviews, each bar in the graph is structured to give you the total number of issues with a breakdown of Fail, Pass and Suppressed issues in a repository.
The y-axis represents the total Code Review issues across all scanned repositories and CI/CD including scan status of Pass, Fail and Suppress.
For each repository you can view the total number of Pass, Fail and Suppressed issues by hovering on the corresponding graph.
The scan results are based on the activities performed on the default branch integrated (Master branch) with the organization account of the VCS (Version Control System).
Using the graph you can prioritize the critical issues and identify the important repository. On every access you will be able to view upto 1000 scan results across repositories and CI/CD pipelines.
Review Scan Results
You can view the insights on the graph with more corresponding information in the table.
Column Name | Description |
|---|---|
Repository | The name of the repository. |
Organization | The organization name in the VCS or the CLI unique ID. |
Scan item | The Pull Request ID with the commit message for a VCS repository. Alternatively, any integrated branch for the CI/CD repository. |
Scan ID | The pull request commit ID for a VCS repository.
Alternatively, a unique ID generated for the CI/CD repository from Prisma Cloud. |
Git user | The username of the Git user committing code to the repository. |
Scan failed issues | The total number of failed issues with a detailed breakdown.
Select the insight to further view the fail issue breakdown in the repository. |
Scan status | The status of scan if it is either Pass or Fail based on Enforcement.
Select the insight to access a detailed breakdown of the Enforcement threshold. See Enforcement for more details. |
Scan time | The date and time of the most recent scan. |
Actions | The list of actions you can perform to further investigate the scan results corresponding to the repository. * View scan results : Enables you to access the repository in Application Security > Projects where you can view the misconfigurations and also suppress, fix, or create Jira tickets to resolve the issue.* View scan results in VCS : Enables you to access the scan in a VCS commit. |