Build security in to your software development lifecycle
and efficiently deploy
Prisma Cloud DevOps Security enables
DevOps and security teams to identify insecure configurations in
Infrastructure-as-Code (IaC) templates and vulnerabilities in container
images so that security issues are identified before actual resources
are deployed in runtime environments.
To identify potential issues you can scan content
in your IaC templates such as AWS CloudFormation Templates (JSON
or YAML format), HashiCorp Terraform templates (HCL format), Kubernetes
App manifests (JSON or YAML format), or Helm Charts against a list
of IaC policies.
Helm
Charts are a package manager for Kubernetes manifests.
With a valid Prisma Cloud Enterprise edition license,
you can use the IaC scanning and container image scanning functionality
in any of the following ways:
Plugins/Extensions
—Install and configure the Prisma Cloud Plugins for popular
IDEs such as VScode, IntelliJ; Source Control Management systems
such as Github ;CI/CD tools such
as Jenkins, CircleCI, Azure DevOps. These plugins are designed to
easily integrate in to your application development and deployment
processes so that you can scan and fix issues in your current workflows
without additional tools, thereby reducing the friction and boosting
the adoption of better security checks.
Prisma Cloud IaC API
—Interact with the Prisma Cloud IaC
scanning API endpoint using tools such as Curl, shell scripts, or
Postman to scan IaC templates. Prisma Cloud recommends that you
use the published plugins/extensions to perform IaC scanning, but
you can use the IaC APIs directly for integrating with custom tools
or specific use cases. See Use the Prisma Cloud IaC Scan REST API.
is a command-line tool supported on Linux,
macOS, and Windows, and it requires a Docker Engine to be installed on
the machine where you are scanning images for vulnerabilities and malware.
