Use the Prisma Cloud Extension for Visual Studio Code

With a Prisma Cloud Enterprise edition license, you can install the Prisma Cloud extension for Visual Studio (VS) Code to check your Infrastructure-as-Code (IaC) templates and deployment files against Prisma Cloud security policies early in the software development process, directly within your VS Code editor. The following steps show how to install the extension and check your templates and files for potential security misconfigurations.

Install Prisma Cloud Extension for Visual Studio Code

The Prisma Cloud extension supports VS Code version 1.36.0 and later.
  1. In VS Code, navigate to Extensions.
  2. Enter Prisma Cloud in search.
  3. Install the extension.

Configure the Prisma Cloud Extension for VS Code

Before you can use the Prisma Cloud extension for VS Code, you’ll need to configure the extension to include your API access key, secret key, and Prisma Cloud API URL. If your access keys change, you must update the details in the extension settings.
  1. In VS Code, navigate to Settings > Extensions > Prisma Cloud.
  2. Enter the following information for the Prisma Cloud extension:
    • Prisma Cloud API URL.
      The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. The tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io. Replace app in the URL with api (https://api2.prismacloud.io or https://api.eu.prismacloud.io) and enter it here. Refer to the Prisma Cloud REST API Reference, which is accessible from the Help Center within the Prisma Cloud web interface, for more details.
    • Access Key.
      The Prisma Cloud access key enables programmatic access. If you do not have a key, you must Create and Manage Access Keys.
    • Secret Key.
      You should have saved this key when you generated your Prisma Cloud access key and corresponding secret key. You cannot view the secret key on the Prisma Cloud web interface. Enter the keys in your VS Code user settings rather than in workspace settings (.vscode/settings.json), which are easily committed to the repository together with the secret.
    • Asset Name.
      Give your VS Code instance an asset name. You can choose an arbitrary name; Prisma Cloud uses the asset name to track results. Example names are appteam_vscode or johndoe_vscode.
    • Prisma Cloud Tags.
      Prisma Cloud tags are different from the cloud tags that you may have included within your IaC templates. Prisma Cloud tags enable visibility in the Prisma Cloud administrator console. Provide the values as a comma-separated list of key:value tags in the Prisma Cloud Tags field, for example:
      owner:johndoe, team:creditapp, env:dev
  3. Create the .prismaCloud/config.yml file and add it to the root directory of your repository branch. The file is required, and it must include the template type, version, and the template-specific parameters and tags you use in your environment.
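
A worked .prismaCloud/config.yml for a Terraform 0.12 repository, added here as an example; it is not taken from the Prisma Cloud documentation. The key names (template, type, version, parameters, variables, variableFiles, tags) are what I recall from the Prisma Cloud IaC scan configuration reference and should be confirmed there; the variable values, file paths and tag values are made up for this example.

```yaml
# .prismaCloud/config.yml (example; confirm key names against the Prisma Cloud IaC scan documentation)
template:
  type: TF           # template type; TF, CFT and K8S are the identifiers I recall (assumption)
  version: 0.12      # Terraform language version the templates are written for
  parameters:
    # Values you would normally pass at plan time. The scanner needs them to
    # resolve the template; unresolved variables lead to missed or spurious findings.
    variables:
      - "region=us-east-1"        # constructed example value
      - "environment=dev"         # constructed example value
    variableFiles:
      - "env/dev.tfvars"          # constructed example path, relative to the repository root
tags:
  # Prisma Cloud tags, not cloud resource tags. Keep them consistent with the
  # Prisma Cloud Tags field in the extension so results from the editor and
  # from CI land under the same owner/team/env in the administrator console.
  - "owner:johndoe"
  - "team:creditapp"
  - "env:dev"
```

Commit this file with the repository so every branch the extension scans carries the same parameters, and update it whenever you add a new tfvars file or change the Terraform version.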

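Before pasting the values into the extension, it helps to check them. The following Python script is an added example, not part of the Prisma Cloud extension or its documentation. It derives the API URL from the console URL the way the step above describes (app to api in the hostname), validates the comma-separated tag list, and, optionally, exercises the key pair with the Prisma Cloud REST API login call (POST /login, with the access key as username and the secret key as password, as documented in the REST API Reference). The environment variable names and the sample values are my own choices.

```python
"""Pre-flight checks for the Prisma Cloud VS Code extension settings.

Added example; not part of the Prisma Cloud extension or its documentation.
The environment variable names PRISMA_APP_URL, PRISMA_TAGS, PRISMA_ACCESS_KEY
and PRISMA_SECRET_KEY are assumptions made for this script.
"""
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def api_url_from_app_url(app_url: str) -> str:
    """Derive the API URL from the console URL by replacing the leading 'app'
    label of the hostname with 'api', as the docs describe:
        https://app2.prismacloud.io   -> https://api2.prismacloud.io
        https://app.eu.prismacloud.io -> https://api.eu.prismacloud.io
    An already converted api URL is returned unchanged. Anything that is not
    an https prismacloud.io URL is rejected, so a typo cannot send the secret
    key to an unexpected host.
    """
    parts = urlsplit(app_url.strip())
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(".prismacloud.io"):
        raise ValueError(f"not a Prisma Cloud console URL: {app_url!r}")
    labels = host.split(".")
    if labels[0].startswith("api"):
        return "https://" + host
    if not labels[0].startswith("app"):
        raise ValueError(f"expected hostname to start with 'app': {host!r}")
    labels[0] = "api" + labels[0][len("app"):]
    return "https://" + ".".join(labels)


def parse_prisma_tags(raw: str) -> dict:
    """Parse 'owner:johndoe, team:creditapp, env:dev' into a dict.

    Empty entries are ignored; an entry without a key and a value is rejected,
    because the extension expects key:value tags.
    """
    tags = {}
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition(":")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"tag must be key:value, got {item!r}")
        tags[key.strip()] = value.strip()
    return tags


def check_access_key(api_url: str, access_key: str, secret_key: str,
                     timeout: float = 10.0) -> bool:
    """Return True if the access key / secret key pair can log in.

    Performs POST {api_url}/login (the Prisma Cloud REST API login call) and
    treats a response carrying a 'token' as success. An HTTP error, typically
    401, means the key pair is wrong or has been rotated. This makes a network
    call and is not exercised by the offline checks.
    """
    body = json.dumps({"username": access_key, "password": secret_key}).encode()
    req = urllib.request.Request(
        api_url.rstrip("/") + "/login",
        data=body,
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return bool(json.load(resp).get("token"))
    except urllib.error.HTTPError:
        return False


if __name__ == "__main__":
    app_url = os.environ.get("PRISMA_APP_URL", "https://app2.prismacloud.io")
    api_url = api_url_from_app_url(app_url)
    print("API URL to enter in the extension:", api_url)
    raw_tags = os.environ.get("PRISMA_TAGS", "owner:johndoe, team:creditapp, env:dev")
    print("Prisma Cloud tags:", parse_prisma_tags(raw_tags))
    access_key = os.environ.get("PRISMA_ACCESS_KEY")
    secret_key = os.environ.get("PRISMA_SECRET_KEY")
    if access_key and secret_key:
        ok = check_access_key(api_url, access_key, secret_key)
        print("login check:", "ok" if ok else "FAILED (wrong or rotated key?)")
        sys.exit(0 if ok else 1)
    print("PRISMA_ACCESS_KEY / PRISMA_SECRET_KEY not set; skipping login check")
```

Run it with PRISMA_APP_URL set to your console URL and the two key variables exported from a credential store rather than typed on the command line, so the secret does not end up in shell history. A failed login check is the signal that a rotated key must also be updated in the extension settings.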
Scan Using the Prisma Cloud VS Code Extension

Now, you are ready to scan your templates and view the results within the VS Code editor.
  1. Scan a file.
    Right-click on your template file in the VS Code Explorer and select Prisma Scan to check your template against Prisma Cloud IaC policies.
  2. View the scan results.
    Select the Prisma Cloud icon on the Activity Bar. The results of the check appear in the Prisma Cloud Result window. If the extension discovers any policy violations, the Prisma Cloud Result window sorts the results by severity and displays the following details for each violation:
    • Name of the violated policy
    • Severity of the violation
    • Names of the modules or files that have issues
    • Timestamp of the scan
    When you scan a different template, the result window refreshes to display the latest scan results.
