1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Code Security
    5. Scan and Monitor
    6. Fine Tune Your Configuration Settings

    Fine Tune Your Configuration Settings

    Once your code repositories are integrated, you can modify your configuration to specify how Prisma Cloud scans your code. This includes:

    Exclude Paths from Code Security scans

    Configure your code security scan by adding rules to an integrated repository. New rules are scanned only for a single defined repository. However, you can configure multiple repositories to a defined rule.
    By default, Prisma Cloud scans all paths in all repositories. You can add a rule to specify which repository paths to exclude when scanning. Before you begin adding rules, disable the default configuration for all repositories.
    1. Select
      Settings > Code Configuration
       to configure your integrated repository.
    2. Enable repositories to scan.
      1. Select specific repositories
        From Repositories
        .
    3. Enter paths to exclude from the repository.
      1. Type paths to exclude within the selected repository.
        Use comma (,) to list more than one file or path.
        In this example, On Enter Paths, type test, _test, \/test\/ this will exclude any path or file with the specified context.
    4. Select
      Add Rule
       to add the rule with excluded paths to your code configuration.
      1. Select
        Save
         to save your new rule of paths to be excluded during a code security scan.

    Enable Notifications

    Enable Prisma Cloud to send notifications for Code Security scan results to an external integration. Prisma Cloud Code Security supports notifications to Microsoft Teams, Slack, Splunk, JIRA, ServiceNow and Webhooks only.
    Prisma Cloud Code Security sends notifications to the supported integrations for all new findings detected in periodic scans, on-demand scans triggered using
    Scan Now
     , and CI/CD scans. This means that when you configure notifications for a repository that has already been scanned, you will not get notifications for the issues that currently exist, but you will get notifications for new issues on subsequent scans.
    VCS pull request scans do not trigger notifications, because PR scans already get notifications in the PR itself in the form of comments and pipeline scans. However, when a PR gets merged and introduces new findings on the default branch, then those findings generate alerts on the next periodic scan.
    By default, Notifications are disabled. See Configure External Integrations on Prisma Cloud to set up an integration. After you have set it up, you must first enable notifications, modify the default rule that scans all paths in all repositories and add new rules for your notification preferences.
    1. Select
      Settings > Code Security Configuration
       and enable
      Notifications
      .
    2. Set up your notification preferences.
      1. Enable repositories you want to scan.
      2. Select the Name or ID of the integration.
      3. Select the policy severity threshold.
        You can choose for severity higher than High, Medium or Low.
      4. Specify any policies to exclude during the scan.
    3. Add Rule
       to add more granular notification configuration.
    4. Save
       your changes.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo