Build security into your software development lifecycle
and efficiently deploy
Prisma Cloud DevOps Security enables
DevOps and security teams to identify insecure configurations in
Infrastructure-as-Code (IaC) templates and vulnerabilities in container
images so that security issues are identified before actual resources
are deployed in runtime environments.
To identify potential issues, you can scan content
in your IaC templates such as AWS CloudFormation Templates (JSON
or YAML format), HashiCorp Terraform templates (HCL format), and
Kubernetes App manifests (JSON or YAML format) against a list of IaC policies. Currently, these policies
provide good coverage of AWS and GCP CIS standards.
With a valid Prisma Cloud Enterprise edition license,
you can use the IaC scanning and container image scanning functionality
in any of the following ways:
—Install and configure the Prisma Cloud plugins for popular
IDEs such as VS Code and IntelliJ; source control management systems
such as GitHub; and CI/CD tools
such as Jenkins, CircleCI, and Azure DevOps. These plugins are designed
to integrate easily into your application development and deployment
processes so that you can scan and fix issues in your current workflows
without additional tools, reducing friction and boosting
the adoption of better security checks.
Prisma Cloud IaC API—Interact with the Prisma Cloud
IaC scanning API endpoint using tools such as curl, shell scripts,
or Postman to scan IaC templates. Prisma Cloud recommends that you
use the published plugins/extensions to perform IaC scanning, but
you can use the IaC APIs directly for integrating with custom tools
or specific use cases. See Access the Prisma Cloud REST API.