Development Pipelines

Development Pipeline is a global view for all your code security scans across all the CI/CD and VCS (Version Control System) repositories that you have onboarded on Prisma Cloud. It provides insights into misconfigurations and vulnerabilities identified by default policies on the Prisma Cloud console. Using Enforcement, a configuration parameter that enables you to set a custom threshold for code reviews performed on your integrated repositories, you can also view insights into these custom scans on Development Pipelines. The insights to your scan are time based; that is, you can view the latest scans or choose to navigate across the scan result history to investigate and identify any misconfigurations or violations in your repository. In addition, these insights enable you to prioritize new and existing issues identified in your repository through a graphical representation of the scan results you can search, sort and customize.
The scan results are separated into two tabs, Projects and Code Reviews.
  • When you integrate VCS (Version Control System) repositories on Prisma Cloud you integrate it at an organization level, thus each time Prisma Cloud scans your repository it scans your default branch (master branch) and any new or open pull requests around the same branch. Projects give you a global view of all the scan results performed on the repository with insights based on pull requests (PR) and merge requests (MR). In addition, Prisma Cloud analyzes the number of Git users and weekly commit status to give you a “ trend line” of the repository useful to identify critical issues in an active repository.
  • In addition to the global view of all scan results from VCS (Version Control System) repositories, Code Reviews also give you insights into your CI/CD. The insights here are based on scans performed on all branches integrated on CI/CD and pull requests (PR) and merge requests (MR) in a VCS (Version Control System) and are structured to provide you with access to the latest insight first. Each time you access Code Reviews, you view up to 1000 latest scan results for all integrated repositories.

Projects

Use
Code Security > Development Pipelines > Projects
for a global view of the scan results across our integrated VCS (Version Control System) repositories on the Prisma Cloud console. The graphical representation of the insights from the scan results helps you identify user frequency in an active repository and identify the highest number of commits and scans. In addition, the insights indicate the number of Pending Fix PR (pull request) and MR (merge requests) into the default branch based on the Prisma Cloud recommendations. These insights are based on user activity on Code Security > Projects, summarized here on Projects to help you take an advised decision.

Projects Graph

Each time you access Projects, each bar in the graph is structured to give you the highest number of Open PR (pull request) with a breakdown of Fail and Pass PRs (pull request) in a repository.
The y-axis represents the total number of Pull Requests (PR) in both Open Pull Requests (PR) and Merge Requests (MR) across repositories. The number of pull requests may change based on the user activity in a repository.
For each repository you can view the total number of Pass and Fail Pull Requests (PR) by hovering on the graph.
The scan results are based on the activities performed on the default branch integrated (Master branch) with the organization account of the VCS (Version Control System). Hence, Prisma Cloud monitors both open pull requests and merge requests into the default branch. Using the graph you can prioritize the critical issues and identify the important repository. At each access to Projects you will be able to view scan results across 20 different repositories with a breakdown of Open Pull Requests (PR) and Merge Requests (MR).

Review Scan Results

You can view the insights on the graph with more corresponding information in the table.
Column Name
Description
Repository
The name of the repository.
Organization
The organization name in the VCS (Version Control System).
Weekly Commits
The total number of commits merged weekly into the default branch. Corresponding to the commits is the “trend line” that represents the difference in weekly commits (either increase or decrease) from the previous week.
Git Users
The total number of Git users who contributed and merged code to the default branch in the last 90 days.
Failed open PRs/MRs
The total number of failed open pull/merge requests out of the total number of open pull/merge requests. These insights are based on user activity on
Code Security > Projects
.
Pending Fix PRs/MRs
The number of fix merge/pull requests opened by Prisma Cloud that are pending.
Latest PR/ MR
The latest pull request number with the pull request name.
Latest PR/MR scan time
The date and time of the latest pull/merge request.
Actions
The list of actions you can perform to further investigate the scan results corresponding to the repository.
*
Review Fix PRs in VCS
: Enables you to your access open fix pull requests in the repository. Currently available only for GitHub repositories.
*
Open Failed PR scans in VCS
: Enables you access a list of failed pull requests in the repository. Currently available only for GitHub repositories.
*
Open the latest scan item
: Enables you to access the latest repository scan on
Code Security > Projects
.
Use the insights available in the table to make informed security decisions.
  • You can view insights in Weekly commits, Git users and Latest PR/MR scan time to monitor and prioritize on critical and important repositories.
  • Optionally, in these examples you can further investigate and address high priority issues.
    • Access Review fix PRs in VCS for any repository and view the PR (pull request) in GitHub.
      Currently available only for GitHub repositories.
    • Access Open failed PR scans in VCS for any repository and view the PR (pull request) in GitHub.
      Currently available only for GitHub repositories.
    • Access Open the latest scan item for any repository to access the latest scan in Code Security > Projects.
In addition, you can search or customize your insights view in the table.
  • Use Search to look for a specific repository.
  • Use toggle to further customize the insights you view in the table. You can toggle the insights view for columns Repository, Organization, Weekly commits, Git users, Failed open PRs/MRs, and Latest PR/MR scan time.
    If you customize the insights view for any column, this automatically impacts the view of corresponding insights.
    In this example, you can see the toggle insights view in Weekly commits.

Code Reviews

Code Reviews display the global view of all the scan results from your integrated VCS (Version Control System) repositories and CI/CD repositories on the Prisma Cloud console. The graphical representation of the insights from the scan results helps you identify the total number of issues in a code review with the total number of failed, passed and suppressed issues. You can view up to 1000 latest scans and get insights into 20 code reviews that include all scan parameters of failed, passed and suppressed issues. In addition, using Enforcement, a configuration for your CI/CD and VCS repositories, you are customizing your scan results to fail or pass at a specific threshold for each repository. The tabulated insights are structured to list the latest scan first, thus enabling you to prioritize critical issues. You can also choose to re-configure the Enforcement corresponding to the repository using Manage Enforcement.

Code Reviews Graph

Each time you access Code Reviews, each bar in the graph is structured to give you the total number of issues with a breakdown of Fail, Pass and Suppressed issues in a repository.
The y-axis represents the total Code Review issues across all scanned repositories and CI/CD including scan status of Pass, Fail and Suppress.
For each repository you can view the total number of Pass, Fail and Suppressed issues by hovering on the corresponding graph.
The scan results are based on the activities performed on the default branch integrated (Master branch) with the organization account of the VCS (Version Control System). Using the graph you can prioritize the critical issues and identify the important repository. On every access you will be able to view upto 1000 scan results across repositories and CI/CD pipelines.

Review Scan Results

You can view the insights on the graph with more corresponding information in the table.
Column Name
Description
Repository
The name of the repository.
Organization
The organization name in the VCS or the CLI unique ID.
Scan item
The Pull Request ID with the commit message for a VCS repository. Alternatively, any integrated branch for the CI/CD repository.
Scan ID
The pull request commit ID for a VCS repository. Alternatively, a unique ID generated for the CI/CD repository from Prisma Cloud.
Git user
The username of the Git user committing code to the repository.
Scan failed issues
The total number of failed issues with a detailed breakdown. Select the insight to further view the fail issue breakdown in the repository.
Scan status
The status of scan if it is either Pass or Fail based on Enforcement. Select the insight to access a detailed breakdown of the Enforcement threshold. See Enforcement for more details.
Scan time
The date and time of the most recent scan.
Actions
The list of actions you can perform to further investigate the scan results corresponding to the repository.
*
View scan results
: Enables you to access the repository in
Code Security > Projects
where you can view the misconfigurations and also suppress, fix, or create Jira tickets to resolve the issue.
*
View scan results in VCS
: Enables you to access the scan in a VCS commit.

Recommended For You