Fine Tune Your Configuration Settings

Once your code repositories are integrated, you can modify your configuration to specify how Prisma Cloud scans your code. This includes:

Exclude Paths from Code Security scans

Configure your code security scan by adding rules to an integrated repository. A new rule applies only to the repositories you select for it, and you can assign more than one repository to a single rule.
By default, Prisma Cloud scans all paths in all repositories. You can add a rule to specify which repository paths to exclude when scanning. Before you begin adding rules, disable the default configuration for all repositories.
  1. Select Settings > Code Configuration to configure your integrated repository.
  2. Enable repositories to scan.
    1. Select specific repositories from Repositories.
  3. Enter paths to exclude from the repository.
    1. Type paths to exclude within the selected repository. Use a comma (,) to list more than one file or path.
      For example, in Enter Paths, type ‘test, _test, \/test\/’ to exclude any path or file that matches one of these patterns.
  4. Select Add Rule to add the rule with excluded paths to your code configuration.
    1. Select Save to save your new rule of paths to be excluded during a code security scan.
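The following is an added example, not Prisma Cloud's own code: it models how a comma-separated exclusion rule such as ‘test, _test, \/test\/’ can be parsed and applied to a repository's file list, so you can see what a rule will skip before saving it. It assumes that "exclude any path or file with the specified context" means a substring match and that "\/" is an escaped path separator; Prisma Cloud's actual matching rules are not stated on this page, and the sample file paths are constructed.

```python
# Added example (not Prisma Cloud's own code): parse and apply a comma-separated
# path-exclusion rule to a repository listing.
#
# Assumption: "exclude any path or file with the specified context" is modelled
# as a substring match, and "\/" is treated as an escaped "/". Prisma Cloud's
# real matcher is not described on the page.
from typing import List, Tuple

# The rule as typed into Enter Paths on the page (raw string keeps the backslashes).
EXAMPLE_RULE = r" test, _test, \/test\/"

# Constructed repository listing; none of these paths come from the page.
SAMPLE_PATHS = [
    "terraform/main.tf",
    "terraform/test/fixtures.tf",
    "modules/_test_helpers.tf",
    "k8s/latest/deployment.yaml",
    "policies/attestation.rego",
    "README.md",
]


def parse_exclusions(rule: str) -> List[str]:
    """Split the rule on commas, trim whitespace, unescape '\\/' to '/' and drop
    empty entries (a trailing comma must not become a match-everything '')."""
    patterns = []
    for raw in rule.split(","):
        pattern = raw.strip().replace("\\/", "/")
        if pattern:
            patterns.append(pattern)
    return patterns


def is_excluded(path: str, patterns: List[str]) -> bool:
    """Substring semantics: the path is skipped if any pattern occurs in it.
    Backslashes are normalised so Windows-style paths behave the same way."""
    normalised = path.replace("\\", "/")
    return any(p in normalised for p in patterns)


def partition(paths: List[str], rule: str) -> Tuple[List[str], List[str]]:
    """Return (scanned, skipped) for a file list under the given rule."""
    patterns = parse_exclusions(rule)
    scanned, skipped = [], []
    for path in paths:
        (skipped if is_excluded(path, patterns) else scanned).append(path)
    return scanned, skipped


if __name__ == "__main__":
    scanned, skipped = partition(SAMPLE_PATHS, EXAMPLE_RULE)
    print("patterns:", parse_exclusions(EXAMPLE_RULE))
    print("scanned: ", scanned)
    print("skipped: ", skipped)
```

Under substring semantics the bare pattern ‘test’ also skips k8s/latest/deployment.yaml and policies/attestation.rego, which contain "test" inside other words, so IaC you meant to scan silently drops out. Anchoring the pattern with separators (‘\/test\/’) only matches a directory named test; review the skipped list before saving a rule.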

Enable Code Reviews

Enable the Code Reviews configuration on a code repository to receive error notifications for each new pull request (PR) that Prisma Cloud scans. Along with the error notifications, code reviews offer options to fix or suppress each identified error.
By default, Code Reviews is enabled, and Prisma Cloud scans all paths in all repositories. Before you begin adding rules, disable the default configuration for all repositories.
  1. Select Settings > Code Configuration to configure your integrated repository.
  2. Enable repositories you want to scan.
  3. Select the fail severity of the policy: High, Medium, or Low.
    You can optionally specify policies to exclude during the scan.
    Once you have specified your repository, the policies are listed automatically.
  4. Add the rule.
    1. Select Add Rule to add the new code review rule.
    2. Select Save to save the new rule for code reviews.

Enable Pull Request Bot Comments

Enable Pull Request Bot Comments on a code repository to receive policy violation notifications as comments in a pull request. You can choose the repositories for which you receive comments and set the policy severity threshold for notifications. By default, Pull Request Bot Comments is enabled. Also by default, Prisma Cloud scans all paths in all repositories, so before you begin adding rules, disable the default configuration for all repositories.
  1. Select Settings > Code Configuration and enable the repositories you want to scan.
  2. Select the policy severity threshold: High, Medium, or Low.
    You can optionally specify policies to exclude during the scan.
  3. Select Add Rule to add the defined rule to your configuration.
  4. Select Save to save your new rule for pull request bot comments.

Enable Notifications

Enable Prisma Cloud to send notifications for Code Security scan results to an external integration. Prisma Cloud Code Security supports notifications to Microsoft Teams, Slack, Splunk, and Webhooks only.
By default, Notifications are disabled. See Configure External Integrations on Prisma Cloud to set up an integration. After you have set it up, you must first enable notifications, modify the default rule that scans all paths in all repositories and add new rules for your notification preferences.
  1. Select Settings > Code Security Configuration and enable Notifications.
  2. Set up your notification preferences.
    1. Enable repositories you want to scan.
    2. Select the name or ID of the integration.
    3. Select the policy severity threshold: High, Medium, or Low.
    4. Specify any policies to exclude during the scan.
  3. Select Add Rule to add a more granular notification configuration.
  4. Select Save to save your changes.
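The Code Reviews, Pull Request Bot Comments and Notifications rules above all share one shape: a set of enabled repositories, a severity threshold (High, Medium or Low) and an optional list of excluded policies. The following added example, which is not Prisma Cloud's own code, models that rule and applies it to a constructed set of scan findings to decide whether a PR fails and which findings would be reported. The Finding and Rule data model, the POLICY-EXAMPLE-* policy identifiers, the repository names and the resource names are all invented for the illustration.

```python
# Added example (not Prisma Cloud's own code): apply a repository/threshold/
# excluded-policy rule to a PR's scan findings.
#
# Assumptions: the Finding/Rule model, the POLICY-EXAMPLE-* identifiers and the
# repository and resource names are placeholders, not values from Prisma Cloud.
from dataclasses import dataclass, field
from typing import Dict, List, Set

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


@dataclass(frozen=True)
class Finding:
    repo: str
    policy_id: str
    severity: str  # "High", "Medium" or "Low"
    resource: str


@dataclass
class Rule:
    repos: Set[str]            # repositories enabled for this rule
    threshold: str             # minimum severity that is reported / fails the PR
    excluded_policies: Set[str] = field(default_factory=set)

    def applies(self, finding: Finding) -> bool:
        """True when the finding is in an enabled repo, its policy is not
        excluded, and its severity meets the threshold."""
        if finding.repo not in self.repos:
            return False
        if finding.policy_id in self.excluded_policies:
            return False
        return SEVERITY_RANK[finding.severity.upper()] >= SEVERITY_RANK[self.threshold.upper()]


def evaluate_pr(findings: List[Finding], rule: Rule) -> Dict[str, object]:
    """Apply one rule to a PR's findings: the check fails when any finding
    crosses the threshold, and each such finding becomes one comment line."""
    actionable = [f for f in findings if rule.applies(f)]
    actionable.sort(key=lambda f: -SEVERITY_RANK[f.severity.upper()])
    comments = [f"[{f.severity.upper()}] {f.policy_id} on {f.resource}" for f in actionable]
    return {"fail": bool(actionable), "actionable": actionable, "comments": comments}


# Constructed findings for one PR; identifiers are placeholders, not real policies.
SAMPLE_FINDINGS = [
    Finding("org/infra", "POLICY-EXAMPLE-001", "High", "aws_s3_bucket.logs"),
    Finding("org/infra", "POLICY-EXAMPLE-002", "Medium", "aws_security_group.web"),
    Finding("org/infra", "POLICY-EXAMPLE-003", "Low", "aws_instance.bastion"),
    Finding("org/app", "POLICY-EXAMPLE-001", "High", "aws_s3_bucket.assets"),
]

# A rule of the shape the page describes: one enabled repo, fail severity
# Medium, one policy excluded.
SAMPLE_RULE = Rule(repos={"org/infra"}, threshold="Medium",
                   excluded_policies={"POLICY-EXAMPLE-002"})

if __name__ == "__main__":
    result = evaluate_pr(SAMPLE_FINDINGS, SAMPLE_RULE)
    print("PR fails:", result["fail"])
    for line in result["comments"]:
        print(line)
```

Only the High finding in org/infra is reported: the Medium one is excluded by policy, the Low one is under the threshold, and the org/app finding belongs to a repository the rule does not cover. That last case is why the "disable the default configuration" step matters in this model: once the default all-repositories rule is off, a repository that appears in no rule produces no review failure, comment or notification at all, so check that every integrated repository is covered by at least one rule.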

Enable Tagging Bot

Enable Tagging Bot to be notified when a PR containing new IaC code is committed to the default branch. You can add traceability tags to your repositories that help locate runtime resources based on specific IaC code and trace differences between cloud resources and code repositories. A repository can be tagged manually, automatically (using Yor), or with the Prisma Cloud Tagging Bot (via Yor). The yor_trace tag is a unique identifier indicating the git commit in combination with the specific IaC resource. It has initial support for Terraform, CloudFormation, and Serverless. Yor adds tags to IaC configurations that carry over to the tags of the running cloud resources; for more details on Yor, see the Yor documentation. By default, Tagging Bot is disabled.
You can exclude paths from scanning. Before you begin, disable the default configuration for all repositories.
  1. Select Settings > Code Configuration to configure your integrated repository.
  2. Enable repositories you want to scan.
    1. Select specific repositories from Repositories.
  3. Enter paths to exclude from the repository.
    1. Type paths to exclude within the selected repository. Use a comma (,) to list more than one file or path.
      For example, in Enter Paths, type ‘test, _test’ to exclude any path or file that matches one of these patterns.
  4. Select Save to exclude the paths from the scan.
