Use alert rules to define which policies to use for continuous
monitoring of your build pipelines or detecting issues in code earlier
in your software release lifecycle.
Alert rules for build-time checks enable you
to detect issues early in your production process. When you implement
security practices and automated checks at the very beginning of
the production cycle, you can reduce risk and compliance violations
later in the asset or code management lifecycle.
alert rule, you select the configuration policies
to which the rule applies and the corresponding set of tags for
which you want to detect issues. When you set up the Prisma Cloud
plugins and specify the same tags in the config.yml file, the alert
rule is matched against those tags to determine which policies the
templates are scanned against to detect violations.
Alert rules for
build-time checks do not generate alerts on Prisma Cloud. You can
view the scan results and trends for the IaC templates used in your
processes and set up guardrails earlier in your business operations.
Alert Rule Name
the purpose of the rule and then click
you want this alert rule to apply and then click
The tags (key: value pairs) that you have defined within
the resource list display. The policies that you select in this alert
rule are used to scan IaC templates that match the tags listed in
the attached resource list. To set one up, see Add a Resource List on Prisma Cloud.
the IaC templates match the tags attached with the rule, the templates
are scanned against the policies you select in the next step. Otherwise,
the templates are scanned against all Prisma Cloud Configuration
Policies of Subtype Build to detect any security
issues. The scan uses the failure criteria you defined when setting
up the respective Prisma Cloud plugin, app, or extension to determine
the scan result.
If you add multiple resource lists to an alert rule, each
IaC template must match on all the tags included in the resource
If you have multiple alert rules that match on the
tags in an IaC template, the templates are scanned against all policies
included in the rules.
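
The matching behavior described above can be modeled in a few lines to check which policies a template would be scanned against before you rely on a rule as a guardrail. This is an added example, not Prisma Cloud code: the rule names, tags, and policy IDs are constructed, and it assumes "match" means the template carries every key: value pair from every resource list attached to the rule.

```python
from dataclasses import dataclass

# Constructed stand-in for "all Configuration Policies of Subtype Build".
ALL_BUILD_POLICIES = frozenset({"P-ENCRYPT", "P-PUBLIC-ACL", "P-OPEN-SSH", "P-LOGGING"})


@dataclass(frozen=True)
class AlertRule:
    name: str
    resource_lists: tuple  # each resource list is a dict of tag key -> value
    policies: frozenset    # policies selected in the rule

    def matches(self, template_tags):
        # Multiple resource lists: the template must carry every tag from all of them.
        wanted = [(k, v) for rl in self.resource_lists for k, v in rl.items()]
        # Assumption: a rule with no tags at all matches no template.
        return bool(wanted) and all(template_tags.get(k) == v for k, v in wanted)


def effective_policies(template_tags, rules):
    """Return (policies the template is scanned against, names of matching rules)."""
    matched = [r for r in rules if r.matches(template_tags)]
    if not matched:
        # No rule matches the template tags: scan against every Build policy.
        return ALL_BUILD_POLICIES, []
    # Several rules match: scan against all policies included in those rules.
    union = frozenset().union(*(r.policies for r in matched))
    return union, [r.name for r in matched]


# Constructed sample rules.
RULES = [
    AlertRule("prod-baseline", ({"env": "prod"},),
              frozenset({"P-ENCRYPT", "P-PUBLIC-ACL"})),
    AlertRule("payments-prod", ({"env": "prod"}, {"team": "payments"}),
              frozenset({"P-OPEN-SSH"})),
]

if __name__ == "__main__":
    # Constructed template tags, as they would be declared alongside the IaC template.
    for tags in ({"env": "prod", "team": "payments"}, {"env": "prod"}, {"env": "dev"}):
        policies, names = effective_policies(tags, RULES)
        print(tags, "->", sorted(policies), "via", names or "fallback: all Build policies")
```

A template whose tags are mistyped or missing falls through to the full Build policy set rather than the narrower set you selected, so a sudden jump in reported violations is worth checking against the tags first.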
Select the policies you want this alert rule to scan.
Select All Policies
the specific policies that you want to scan. To help you find the
specific group of policies for which you want this rule to alert
—Enter a search term to filter the list
of policies to those with specific keywords.
modify which columns to display.
—Click the corresponding
) to sort on a
the alert rule.
To view the scan results for policy violations on IaC
templates that are scanned against these rules, select