Use the Prisma Cloud Extension for Visual Studio Code

With the Prisma Cloud Enterprise edition license, you can install the Prisma Cloud extension for Visual Studio (VS) Code to detect issues in your Infrastructure-as-Code (IaC) templates and deployment files against Prisma Cloud security policies early in the software development process, directly within your VS Code editor. The following steps show how simple it is to install and check your templates and files for potential security misconfigurations.

Install Prisma Cloud Extension for Visual Studio Code

The Prisma Cloud extension supports VS Code version 1.36.0 and later.
  1. In VS Code, navigate to
  2. Enter Prisma Cloud in search.
  3. Install the extension.

Configure the Prisma Cloud Extension for VS Code

Before you can use the Prisma Cloud extension for VS Code, you’ll need to configure the extension to include your API access key, secret key, and Prisma Cloud API URL. If your access keys change, you must update the details in the extension settings.
  1. In VS Code, navigate to
    Prisma Cloud
  2. Enter the following information for the Prisma Cloud extension:
    • Prisma Cloud API URL
      The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. The tenant provisioned for you is, for example, or Replace
      in the URL with
      and enter it here. Refer to the Prisma Cloud REST API Reference, which is accessible from the Help Center within the Prisma Cloud web interface for more details.
    • Access Key
      The Prisma Cloud access key enables programmatic access. If you do not have a key, you must Create and Manage Access Keys.
    • Secret Key
      You should have saved this key when you generated your Prisma Cloud access key and corresponding secret key. You cannot view the secret key on the Prisma Cloud web interface.
    • Asset Name
      Give your VS Code instance an asset name. You can choose an arbitrary name. Prisma Cloud uses the asset name to track results. Some examples of names are appteam_vscode or johndoe_vscode.
    • Prisma Cloud Tags
      Prisma Cloud tags are different from cloud tags that you may have included within your IaC templates. Prisma Cloud tags enable visibility in the Prisma Cloud administrator console.
      Provide the values as a comma-separated list of tags in the Prisma Cloud Tags field. An example list is:
      owner:johndoe, team:creditapp, env:dev
  3. Create the .prismaCloud/config.yml file and add it to the root directory of your repository branch. The file is required, and it must include the template type, version, and the template-specific parameters and tags you use in your environment.

Scan Using the Prisma Cloud VS Code Extension

Now, you are ready to scan your templates and view the results within the VS Code editor.
  1. Scan a file or folder.
    Right-click on your template file in the VS Code Explorer and select Prisma Scan to check your template against Prisma Cloud IaC policies.
    If you are performing the scan using Helm Charts, then right-click on the directory containing Chart.yml; do not click on the Chart.yml file. To select a root directory in VS Code, click Open Folder, click the directory in VS Code, right-click on some open space, and then select Prisma Scan. If the project contains multiple directories, then in VS Code click Open Folder, navigate to the directory that contains , right-click on some open space, and then select Prisma Scan.
  2. View the scan results.
    Select the Prisma Cloud icon on the Activity Bar.
    The results of the check will appear in the Prisma Cloud Result window. If the extension discovers any policy violations, the Prisma Cloud Result window sorts the results by severity and displays the following details for each violation:
    • Name of the violated policy
    • Severity of the violation
    • Names of the module or files that have issues
    • Timestamp of the scan
    For more details on a matched policy, select Policy URL for its detailed documentation.
    When you scan a different template, the result window refreshes to display the latest scan results.
    If an error occurs, it appears at the bottom right of VS Code and in the scan result window.
