Secure Your Infrastructure Automation

Build security into your software development lifecycle and efficiently deploy
Prisma Cloud DevOps Security enables DevOps and security teams to identify insecure configurations in Infrastructure-as-Code (IaC) templates and vulnerabilities in container images so that security issues are identified before actual resources are deployed in runtime environments.
To identify potential issues, you can scan the content of your IaC templates, such as AWS CloudFormation Templates (JSON or YAML format), HashiCorp Terraform templates (HCL format), and Kubernetes App manifests (JSON or YAML format), against a list of IaC policies.
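To make the idea of scanning a template against a list of policies concrete, here is an added example (not Prisma Cloud code and not its policy set) that checks a CloudFormation template in JSON format before anything is deployed. The policy IDs `EX-001`/`EX-002`, the two checks, and the sample template are assumptions constructed for illustration.

```python
import json

# Constructed sample: a CloudFormation template (JSON) with two insecure resources.
SAMPLE_CFN = json.dumps({"Resources": {
    "LogsBucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"AccessControl": "PublicRead"}},
    "AppBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": "Private"}},
    "SshGroup": {"Type": "AWS::EC2::SecurityGroup",
                 "Properties": {"GroupDescription": "admin access",
                                "SecurityGroupIngress": [
                                    {"IpProtocol": "tcp", "FromPort": 22,
                                     "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
}})

def _port(value):
    # Literal ports only; intrinsic functions such as {"Ref": ...} are not resolved.
    return int(value) if str(value).isdigit() else None

def s3_public_acl(props):
    return props.get("AccessControl") in ("PublicRead", "PublicReadWrite")

def sg_ssh_open_to_world(props):
    for rule in props.get("SecurityGroupIngress", []):
        world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
        if not world:
            continue
        lo, hi = _port(rule.get("FromPort")), _port(rule.get("ToPort"))
        all_traffic = str(rule.get("IpProtocol")) == "-1"  # -1 means every protocol and port
        if all_traffic or (lo is not None and hi is not None and lo <= 22 <= hi):
            return True
    return False

# Hypothetical policy list: (id, resource type it applies to, title, check function).
POLICIES = [
    ("EX-001", "AWS::S3::Bucket", "S3 bucket ACL grants public access", s3_public_acl),
    ("EX-002", "AWS::EC2::SecurityGroup", "Security group exposes SSH to the internet",
     sg_ssh_open_to_world),
]

def scan_template(text):
    """Return (policy_id, resource_name, title) for every policy violation."""
    resources = json.loads(text).get("Resources", {})
    return [(pid, name, title)
            for name, res in sorted(resources.items())
            for pid, rtype, title, check in POLICIES
            if res.get("Type") == rtype and check(res.get("Properties") or {})]

if __name__ == "__main__":
    findings = scan_template(SAMPLE_CFN)
    for pid, name, title in findings:
        print(f"{pid} {name}: {title}")
    raise SystemExit(1 if findings else 0)  # non-zero exit fails the pipeline step
```

Run as a script in a build step, the non-zero exit code stops the pipeline when any finding is reported.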
With a valid Prisma Cloud Enterprise edition license, you can use the IaC scanning and container image scanning functionality in any of the following ways:
  • Plugins/Extensions
    Install and configure the Prisma Cloud plugins for popular IDEs such as VS Code and IntelliJ; source control management systems such as GitHub; and CI/CD tools such as Jenkins, CircleCI, and Azure DevOps. These plugins are designed to integrate easily into your application development and deployment processes so that you can scan and fix issues in your current workflows without additional tools, thereby reducing friction and boosting the adoption of better security checks.
  • Prisma Cloud IaC API
    Interact with the Prisma Cloud IaC scanning API endpoint using tools such as curl, shell scripts, or Postman to scan IaC templates. Prisma Cloud recommends that you use the published plugins/extensions to perform IaC scanning, but you can use the IaC APIs directly to integrate with custom tools or for specific use cases. See Use the Prisma Cloud IaC Scan REST API.
  • Twistcli
    Install and scan container images using twistcli. Twistcli is a command-line tool supported on Linux, macOS, and Windows, and it requires a Docker Engine to be installed on the machine where you are scanning images for vulnerabilities and malware.
