Build security in to your software development lifecycle
and efficiently deploy
Prisma Cloud DevOps Security enables
DevOps and security teams to identify insecure configurations in
Infrastructure-as-Code (IaC) templates and vulnerabilities in container images
so that security issues are identified before actual resources are
deployed in runtime environments.
To identify potential issues you can scan content
in your IaC templates such as AWS CloudFormation Templates (JSON
or YAML format), HashiCorp Terraform templates (HCL format), and Kubernetes
App manifests (JSON or YAML format) against a list of IaC policies.
With a valid Prisma Cloud Enterprise edition license,
you can use the IaC scanning and container image scanning functionality
in any of the following ways:
Plugins/Extensions
—Install and configure the Prisma Cloud Plugins for popular
IDEs such as VScode, IntelliJ; Source Control Management systems such
as Github ;CI/CD
tools such as Jenkins, CircleCI, Azure DevOps. These plugins are designed
to easily integrate in to your application development and deployment
processes so that you can scan and fix issues in your current workflows
without additional tools, thereby reducing the friction and boosting
the adoption of better security checks.
Prisma Cloud IaC API
—Interact with the Prisma Cloud
IaC scanning API endpoint using tools such as Curl, shell scripts,
or Postman to scan IaC templates. Prisma Cloud recommends that you
use the published plugins/extensions to perform IaC scanning, but
you can use the IaC APIs directly for integrating with custom tools
or specific use cases. See Use the Prisma Cloud IaC Scan REST API.
is a command-line tool supported on Linux,
macOS, and Windows, and it requires a Docker Engine to be installed
on the machine where you are scanning images for vulnerabilities and malware.
