Fix Issues in a Scan Result

On Projects, you can remediate scan results across all code categories by adding issues to the fix cart to create a PR with a suggested fix. For every issue found on the Prisma Cloud console, you can view information such as the origin of the issue in a file or repository, the policy violation, and suggestions to remediate the issue.
  1. Access scan results on Projects.
    1. Select a code category with an issue.
    2. Select an issue from the resource block to view more information and suggested fixes in the resource explorer.
      In this example, on IaC Misconfiguration you see the aws_s3_bucket.public_read resource block with an issue that has a fix.
  2. Create a PR with a fix using the suggestions in the resource explorer.
    1. Select an issue to see a fix suggestion in the resource explorer.
      You can fix one or more issues at once by selecting issues across multiple resources or policy blocks and adding them to the fix cart.
    2. Select FIX to add the issue with a fix to the fix cart.
    3. Select Submit to create a PR with an issue fix.
      In this example, you see one or more issues added to the fix cart from the IaC Misconfiguration google_container_cluster.workload_cluster resource block.
      To resolve an issue, you need to access the PR on the VCS console and merge the fix with the default branch.
      If the issue does not have a fix suggestion, you can choose a Manual Fix or Suppress.

Manual Fix an issue

You can perform a manual fix for all issues. A manual fix lets you access a specific commit, review the code, and then resolve the issue manually using the policy guidelines on the Prisma Cloud console.

Suppress issues in a scan result

On Code Security > Projects, add a suppression rule to suppress issues across views to mitigate scan results.
  1. Access a code category then select the issue in the resource block to view more information and suggested fixes in the resource explorer.
  2. Select Suppress and then enter relevant information as Justification.
    You can optionally add an Expiration Time for the suppression.
  3. Select Suppress by to suppress issues based on the suppression types.
    • Resource: This enables you to suppress the issues by resources, and at your next scan these resources will not be scanned. You can also view the number of resources that will be affected to make an informed decision.
    • Tags: This enables you to selectively suppress the violation to a tag.
    • Policy: This enables you to suppress the violation by policy, and at your next scan the policy will not be scanned.
    • Repositories: This enables you to selectively suppress the issues across repositories. You are required to select the repositories from the list on the console.
      In this example, you see the repositories list for the suppression rule.
  4. Select Save to add the suppression rule.
    You can also view the suppressed result using the Issue Status filter.
