Pipeline Tools
Table of Contents
Pipeline Tools
Pipeline Tools
provides an inventory of all third party services and tools used by an organization’s CI/CD pipeline. This visibility is invaluable, as it reveals the tools running in your CI/CD systems, which are highly sensitive. We recommend reviewing the tools detected and displayed in the inventory with your engineering teams to ensure that the tools are all recognized and approved. Special attention should be given to tools with names designated as Not Available
, as this could indicate less popular tools, or in some cases, even malicious ones.Pipeline Tools currently supports Jenkins declarative pipelines, CircleCI, GitLab CI, GitHub Actions and Azure Pipelines.
To access 'Pipeline Tools', select
Application Security
> Technologies
> click on the Pipeline Tools
tab.
Pipeline Tools includes the following details.
- Tool Name: The name of the tool in the pipeline
When the 'Not available' status is displayed, it indicates that the tool is not in Prisma Cloud’s Pipeline Tools catalog. This could be because it is either an internal tool or a public tool.
- Insights: Meaningful understandings gained by Palo Alto Networks from the data collected, analyzed and interpreted, about the pipeline tool - see below for more details
- Executable: Details of the executable including stars received from GitHub, the number of downloads a tool has from the CircleCI Orbs marketplace(UsedBy) and the identity of the tool creator - see below for more details.
- Description: A description of the tool- see below for more details.
- Vendor: The tool vendor
- Pipelines: The pipeline in which the tool is found. A number indicates the amount of pipelines that the tool is detected in. Hovering over a value displays all pipelines including the tool
Selecting a pipeline tool in the inventory table opens the resource explorer, displaying additional information about the entity.
- TheDetailstab opens as the default view, providing pipeline tool metadata such as a description of the tool, the tool vendor, the number of pipelines in which the tool was detected, and a link to the location containing the tool.
- Executable: Details of the executable including where installed, stars received from GitHub, the number of downloads a tool has from the CircleCI Orbs marketplace(UsedBy) and the identity of the tool creator.
- Usage: A list of pipelines in which the tool is found, as well as the command that runs the tool in the pipeline
- Insights: The tool executables and categories that they are assigned to
Filters
You can apply the following filters to narrow a search for a pipeline tool:
- Tool Name: Filter by tool name
- Insights: Filter by insights
- Executable: Filter by the usage of the tool
- Pipelines: Filter by pipeline that a tool is found in
- Vendor: Filter by tool vendor