Use the Prisma Cloud Plugin for IntelliJ IDEA

With the Prisma Cloud Enterprise edition license, you can install the IntelliJ IDEA plugin that enables you to check Infrastructure-as-Code (IaC) templates and deployment files against Prisma Cloud IaC policies from within your integrated development environment (IDE). The following steps show how to install the plugin and check your IaC templates and files for potential security misconfigurations.
If you were using version 1.2 or earlier of the Prisma Cloud plugin for IntelliJ IDEA, you must update the plugin to version 1.3 or later. Use the instructions in this section to set up the plugin with the updated Prisma Cloud API URL and enter the credentials that are required to authenticate to Prisma Cloud.

Install the Prisma Cloud Plugin for IntelliJ

The Prisma Cloud plugin supports IntelliJ IDEA version 2016.2 and above.
  1. In IntelliJ IDEA, select File > Settings > Plugins (on macOS, select Preferences > Plugins).
  2. On the Plugins page, select Marketplace and search for Prisma Cloud.
     [Image: iac-scan-plugin-intellij.png]
  3. Install the plugin.
     Restart the IDE and verify that the Prisma Cloud plugin displays in the list of Installed plugins.

Configure the Prisma Cloud Plugin for IntelliJ

After you install the plugin, you must provide the Prisma Cloud API URL and Prisma Cloud access key information to authenticate and start scanning your IaC templates. If your access key changes or is rotated, you must update the access key information in this configuration. Because the plugin authenticates with the key pair you enter here, every scan it runs carries that key's Prisma Cloud permissions; where possible, use a dedicated access key for the plugin so it can be rotated or revoked without affecting other integrations.
  1. In IntelliJ IDEA, select Settings > Tools > Prisma Cloud Plugin (on macOS, select Preferences > Tools > Prisma Cloud Plugin).
  2. Enter the following information to set up the plugin.
     [Image: iac-scan-plugin-intellij-setup.png]
     • Prisma Cloud API URL. The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. The tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io. Replace app in the URL with api (for example, https://api2.prismacloud.io or https://api.eu.prismacloud.io) and enter it here. Refer to the Prisma Cloud REST API Reference, which is accessible from the Help Center within the Prisma Cloud web interface, for more details.
     • Access Key. The access key enables programmatic access to Prisma Cloud. If you do not have a key, you must Create and Manage Access Keys.
     • Secret Key. You should have saved this secret key when you generated it. You cannot view it on the Prisma Cloud web interface; if it is lost, generate a new access key pair and update the plugin configuration.
     • Asset Name. Enter an asset name to identify the repository you want to scan.
     • Tags. Define tags to organize the templates that are scanned with this service connection, for visibility on Prisma Cloud.
  3. Add the Prisma Cloud configuration file.
     The Prisma Cloud configuration file supports IaC scanning of complex module structures and variable formats. To add this file, create a .prismaCloud subdirectory in the root folder of your project or repository branch and place a config.yml file in it (that is, .prismaCloud/config.yml). See Set Up Your Prisma Cloud Configuration File for IaC Scan for details.
     [Image: iac-scan-plugin-intellij-pc-config-file.png]
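As an added example (this is not code from the plugin or from the Prisma Cloud documentation), the following Python script derives the API URL from the console URL using the app-to-api rule above and then checks the access key pair against the Prisma Cloud login endpoint before you paste the values into the IDE, so a mistyped URL or a revoked key shows up here rather than as an opaque scan failure. It assumes the Prisma Cloud CSPM REST login endpoint is POST <API URL>/login with a JSON body of {"username": <access key>, "password": <secret key>} that returns a JSON object containing a "token" field, and it reads the key pair from the PRISMA_ACCESS_KEY and PRISMA_SECRET_KEY environment variables, names chosen for this example rather than anything the plugin itself uses.

```python
"""Check a Prisma Cloud API URL and access key pair before entering them in the IDE plugin.

Added example for this page; not part of the Prisma Cloud plugin or its documentation.
Assumptions: POST {api_url}/login with {"username": access_key, "password": secret_key}
returns JSON with a "token" field; credentials come from PRISMA_ACCESS_KEY / PRISMA_SECRET_KEY.
"""
import json
import os
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Console hosts look like app.prismacloud.io, app2.prismacloud.io or app.eu.prismacloud.io.
_APP_HOST = re.compile(r"^app(?P<suffix>[0-9]*(?:\.[a-z]+)?)\.prismacloud\.io$")


def api_url_from_app_url(app_url: str) -> str:
    """Turn the tenant console URL into the API URL by replacing the leading 'app' with 'api'.

    Raises ValueError for anything that is not an https app*.prismacloud.io URL, so a typo or
    a URL that is already the API host is caught here instead of inside the IDE.
    """
    parts = urlsplit(app_url.strip())
    if parts.scheme != "https":
        raise ValueError(f"expected an https URL, got {app_url!r}")
    match = _APP_HOST.match(parts.netloc.lower())
    if not match:
        raise ValueError(f"{parts.netloc!r} is not an app*.prismacloud.io console host")
    return f"https://api{match.group('suffix')}.prismacloud.io"


def login_request(api_url: str, access_key: str, secret_key: str) -> urllib.request.Request:
    """Build, but do not send, the login request (assumed endpoint shape, see module docstring)."""
    body = json.dumps({"username": access_key, "password": secret_key}).encode()
    return urllib.request.Request(
        f"{api_url.rstrip('/')}/login",
        data=body,
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )


def verify_credentials(api_url: str, access_key: str, secret_key: str, timeout: float = 15.0) -> bool:
    """Send the login request and report whether a session token came back.

    Only the outcome is returned: neither the token nor the secret key is printed or logged.
    """
    req = login_request(api_url, access_key, secret_key)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            payload = json.load(resp)
    except urllib.error.HTTPError as err:
        # 401 means the key pair is wrong, expired or revoked; other codes are surfaced as-is.
        print(f"login failed: HTTP {err.code}", file=sys.stderr)
        return False
    return bool(payload.get("token"))


def main(argv: list) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} https://appN.prismacloud.io", file=sys.stderr)
        return 2
    access_key = os.environ.get("PRISMA_ACCESS_KEY")
    secret_key = os.environ.get("PRISMA_SECRET_KEY")
    if not access_key or not secret_key:
        print("set PRISMA_ACCESS_KEY and PRISMA_SECRET_KEY in the environment", file=sys.stderr)
        return 2
    api_url = api_url_from_app_url(argv[1])
    print(f"API URL for the plugin: {api_url}")
    ok = verify_credentials(api_url, access_key, secret_key)
    print("credentials accepted" if ok else "credentials rejected")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `PRISMA_ACCESS_KEY=... PRISMA_SECRET_KEY=... python check_prisma_creds.py https://app2.prismacloud.io`; the printed API URL is the value to enter in the Prisma Cloud API URL field, and a non-zero exit code means the key pair should be regenerated before you configure the plugin. Keeping the key pair in environment variables rather than on the command line keeps it out of shell history.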

Scan Using the Prisma Cloud Plugin for IntelliJ

Now you are ready to scan your templates and review the results before you check them in to the repository or pipeline. The IDE scan gives you early feedback while you edit; it complements, rather than replaces, the IaC scan in your pipeline.
You must have a Prisma Cloud Enterprise edition license and valid credentials to scan IaC templates.
  1. Scan the files for insecure configurations.
     Right-click the template file or folder in the IDEA Project window and select Prisma Scan.
     [Image: iac-scan-plugin-intellij-start-scan.png]
  2. View the results of the scan in the Scan Result tool window.
     The title of the Scan Result window includes the date and time of the scan. Each scan opens a new Scan Result tab; the tab farthest to the right displays the results of the latest scan.
     If the scan detects no potential issues, the message displays as follows:
     [Image: iac-scan-intellij-plugin-successful-scan.png]
     If the scan detects any policy violations, the scan result displays the following details for each violation.
     • Name of the violated policy
     • Description of the violated policy
     • Severity of the violation
     • Name of the file with the issue
     By default, the results are sorted by severity. You can also sort the Scan Result by policy name.
     The following examples show scan results for various template types. The first example shows the result of scanning a Kubernetes deployment file with content that violates policies. You will need to change the content of your Prisma Cloud configuration file, .prismaCloud/config.yml, to match the template types and variables in your project.
     [Image: iac-scan-plugin-intellij-successful-issues-k8.png]
     The following example shows the result of scanning a folder with CloudFormation templates that have policy violations.
     [Image: iac-scan-plugin-intellij-successful-issues-cft.png]
     The example below shows the result of scanning a folder with Terraform 0.12 templates that contain a policy violation.
     [Image: iac-scan-plugin-intellij-successful-issues-tf.png]