Use the Prisma Cloud Extension for Visual Studio Code
With the Prisma Cloud Enterprise edition license, you can install the Prisma Cloud extension for Visual Studio (VS) Code to detect issues in your Infrastructure-as-Code (IaC) templates and deployment files against Prisma Cloud security policies early in the software development process, directly within your VS Code editor. The following steps show how simple it is to install and check your templates and files for potential security misconfigurations.
Install Prisma Cloud Extension for Visual Studio Code
The Prisma Cloud extension supports VS Code version 1.36.0 and later.
- In VS Code, navigate to Extensions.
- Enter Prisma Cloud in search.
- Install the extension.
Configure the Prisma Cloud Extension for VS Code
Before you can use the Prisma Cloud extension for VS Code, you’ll need to configure the extension to include your API access key, secret key, and Prisma Cloud API URL. If your access keys change, you must update the details in the extension settings.
- In VS Code, navigate to Settings > Extensions > Prisma Cloud.
- Enter the following information for the Prisma Cloud extension:
  - Prisma Cloud API URL. The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. The tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io. Replace app in the URL with api and enter it here. Refer to the Prisma Cloud REST API Reference, which is accessible from the Help Center within the Prisma Cloud web interface, for more details.
  - Access Key. The Prisma Cloud access key enables programmatic access. If you do not have a key, you must create one; see Create and Manage Access Keys.
  - Secret Key. You should have saved this key when you generated your Prisma Cloud access key and corresponding secret key. You cannot view the secret key on the Prisma Cloud web interface.
  - Asset Name. Give your VS Code instance an asset name. You can choose an arbitrary name. Prisma Cloud uses the asset name to track results. Some examples of names are appteam_vscode or johndoe_vscode.
  - Prisma Cloud Tags. Prisma Cloud tags are different from cloud tags that you may have included within your IaC templates. Prisma Cloud tags enable visibility in the Prisma Cloud administrator console. Provide the values as a comma-separated list of tags in the Prisma Cloud Tags field. An example list is: owner:johndoe, team:creditapp, env:dev.
- Create the .prismaCloud/config.yml file and add it to the root directory of your repository branch. The file is required, and it must include the template type, version, and the template-specific parameters and tags you use in your environment.
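
A pre-flight check for two of the settings above, as an added example that is not part of the Prisma Cloud documentation or the extension's code: it derives the API URL from the tenant URL by the app-to-api replacement and parses the Prisma Cloud Tags field before you paste the values into VS Code. The function names are hypothetical, and treating every tag as a key:value pair is an assumption based on the example list.

```python
import re
from urllib.parse import urlsplit


def api_url_from_console(console_url: str) -> str:
    """Derive the API URL by swapping the leading 'app' host label for 'api'."""
    parts = urlsplit(console_url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("Prisma Cloud URL must use https")
    if parts.username or parts.password:
        raise ValueError("URL must not embed credentials")
    # First label is 'app' plus an optional cluster number: app, app2, ...
    match = re.fullmatch(r"app(\d*)\.(.+)", host)
    if not match:
        raise ValueError(f"host {host!r} does not start with an 'app' label")
    return f"https://api{match.group(1)}.{match.group(2)}"


def parse_tags(field: str) -> dict:
    """Parse the comma-separated Prisma Cloud Tags field into a dict."""
    tags = {}
    if not field.strip():
        return tags
    for raw in field.split(","):
        item = raw.strip()
        key, sep, value = (p.strip() for p in item.partition(":"))
        # Assumption: every entry is key:value, as in the page's example list.
        if not (sep and key and value):
            raise ValueError(f"tag {item!r} is not key:value")
        # Local hygiene rule (not a documented Prisma Cloud requirement):
        # a repeated key usually means a copy-paste mistake.
        if key in tags:
            raise ValueError(f"duplicate tag key {key!r}")
        tags[key] = value
    return tags


if __name__ == "__main__":
    # Sample values taken from the examples on this page.
    print(api_url_from_console("https://app2.prismacloud.io"))
    print(api_url_from_console("https://app.eu.prismacloud.io"))
    print(parse_tags("owner:johndoe, team:creditapp, env:dev"))
```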
Scan Using the Prisma Cloud VS Code Extension
Now, you are ready to scan your templates and view the results within the VS Code editor.
- Scan a file or folder. Right-click on your template file in the VS Code Explorer and select Prisma Scan to check your template against Prisma Cloud IaC policies. If you are performing the scan using Helm Charts, then right-click on the directory containing Chart.yml; do not click on the Chart.yml file. To select a root directory in VS Code, click Open Folder, click the directory in VS Code, right-click on some open space, and then select Prisma Scan. If the project contains multiple directories, then in VS Code click Open Folder, navigate to the directory that contains /charts, right-click on some open space, and then select Prisma Scan.
- View the scan results. Select the Prisma Cloud icon on the Activity Bar. The results of the check will appear in the Prisma Cloud Result window. If the extension discovers any policy violations, the Prisma Cloud Result window sorts the results by severity and displays the following details for each violation:
  - Name of the violated policy
  - Severity of the violation
  - Names of the module or files that have issues
  - Timestamp of the scan
  For more details on a matched policy, select Policy URL for its detailed documentation. When you scan a different template, the result window refreshes to display the latest scan results. In case of an error condition, the error will appear at the bottom right of VS Code and in the scan result window.