Monitor and Fix Issues in Your Scans

The scan results for all your integrated repositories are viewed on
Code Security
page.Here you can review the results for each scanned repositories and choose to either fix the result or suppress the scan result.

Get familiar with Reviewing Scan Results

The image here gives you an outline of the Code Security page.

Filter Scanned Results

You can filter the scanned results using Status, Category, Severity, Tags and Code Status.

Status

A status for each scanned repository is created based on the non-conformance to a policy. The repository status can be further filtered as Errors, Suppressed and Passed.
  • Errors: A resource appears with an error status,when it is non-conformant to a policy.
  • Suppressed: A resource that has previously appeared with a non-conformant policy, but is suppressed with a Suppress action. To suppress a non-conformant policy in a resource, is when you absolve the scanned result with a definitive explanation indicating the non-conformance to be not problematic.
  • Passed: A resource that has conformant policies or may have a history of fixed errors.
Your scanned resources appear on
Code Security
with an active Error filter by default. You can choose add more filters or remove the Error filter.

Category

A Category, filters resources according to Elasticsearch, General, IAM, Kubernetes, Logging, Monitoring, Networking, Public, Secrets, Serverless, Storage, and Vulnerabilities. During the time of repositories integration on Prisma Cloud Code Security your defined Categories associated with the repositories also help with filter.

Severity

A Severity is an indicator of an impact on a non-conformant resource in your repository. Resources can be filtered as High, Medium and Low of severity.

Tags

A Tag helps you filter resources as a defined individual tagged key value pairs.

Code Tags

A Code Tag appears for resources that have an option to fix the scanned result. These fixes help resolve the non-conformance.

Browse and Fix Scanned Results

Integration of the Prisma Cloud Code Security with your repositories across Version Control Systems, CI/CD platforms and IDEs generate contextualized scanned results of each resource. Each scanned result for a resource gives you extensive information on the type of non-conformance of policy, repository configuration, type of scan, status of the PR (if the resource is a part of a version control system) and the actions you can mitigate for each resource with Suppress and Fix action.

Browse across Resources and Repositories

  • You can browse across multiple repositories on Code Security. Icons associated with each of the repository appears to help you browse easy.
    This is an example of multiple repositories listed on Code Security.
  • Scanned resources are grouped by the path of a folder. You can browse across multiple paths within the a repository.
    This is an example of multiple paths within a repositories. The numbers corresponding to each path are errors identified by Prisma Cloud Code Security.
  • Each scanned result appears with resource path information, severity of the error, code block with the error, and actions to Suppress or Fix the error.
    This is an example of an scanned result on GitHub Actions.
    In addition, you can filter results within a resource by Users.
    This is an example of a resource result with user filter.

Fix Scanned Resources

For each scanned result you can either Suppress the scan result or Fix the result.
Fix is an action when you access the source code and fix the non-conformant error within the code.
  1. Access a scanned result of a repository in
    Code Security
    .
    You can fix more than one scanned result at a time.
  2. Select
    Fix
    .
  3. Select
    Submit
    . This will create a PR in the repository.
    Make edits within the source code and commit your changes. Your changes will be marked as
    Has Fixed
    on
    Code Security
    .
Suppress Scanned Resources
Suppress is an action when you absolve the scanned result with a definitive explanation indicating the non-conformance to be not problematic.
  1. Access a scanned result of a repository in
    Code Security
    .
  2. Select
    Suppress
    and enter the reason to suppress the error and then select
    Suppress
    .
  3. Select Submit to save the changes in the repository.
  4. The suppressed result appears with the Suppress filter.

Resource detail and history

You can view the resource details like repository name, policy misconfiguration, and tags associated with the scanned result. Resource History gives you details over the actions performed on the resource scanned result, like if the result was Suppressed, and the date it was suppressed.

Recommended For You