Use the Prisma Cloud IaC Scan Plugin for Jenkins

Learn how to use the Prisma Cloud™ IaC Scan Plugin for Jenkins to incorporate vulnerability and compliance scanning into your continuous integration pipeline.
Use the Prisma Cloud IaC Scan Plugin to perform Infrastructure as Code (IaC) scanning during Jenkins builds. To use the IaC scan functionality, Jenkins needs network access to the Prisma Cloud API server and a set of login credentials (an access key and secret key). The plugin scans your templates for misconfigurations; if issues are detected, they are presented as a report within Jenkins.
  1. Verify the prerequisites.
    You must have administrative privileges in Jenkins to install the Prisma Cloud IaC scan plugin.
    1. Launch your browser to point to the location of your Jenkins server. For example, the default URL is http://localhost:8080. Replace
      with a custom port you used.
    2. Enter your
      and click
      Sign in
    3. Generate your access key and secret key in Prisma Cloud.
      • Access Key—Enables programmatic access to Prisma Cloud. To create an access key, select Access Keys > Add New.
      • Secret Key—The secret key is shown only once, when the access key is generated; save it at that time, because you cannot view it later in the Prisma Cloud web interface.
    4. Create the .prismaCloud/config.yml file and add it to the root directory of your source code in your repository. The config.yml file is required; it currently supports template_parameters (such as variables) and the tags you use in your environment.
  2. Install the Prisma Cloud IaC Scan plugin.
    Use the plugin manager in Jenkins to install the Prisma Cloud IaC scan plugin, which scans your templates and images across all Source Code Management repositories connected to Jenkins.
    1. Log in to Jenkins.
    2. Select Manage Jenkins > Manage Plugins.
    3. Enter prisma cloud in the search field to find the Prisma Cloud IaC Scan plugin in the list of available plugins.
    4. Install the plugin.
    5. Select Restart Jenkins when installation is complete and no jobs are running.
    6. Select Manage Jenkins > Manage Plugins and confirm that the plugin is listed as installed and available for use.
  3. Connect Jenkins to your Prisma Cloud server.
    The API URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed.
    If the tenant provisioned for you is, for example, or, replace
    in the URL with
    . Refer to the Prisma Cloud REST API Reference for more details.
    1. In Jenkins, select Manage Jenkins > Configure System and enter the Auth URL (the Prisma Cloud API URL for your tenant), Access Key, and Secret Key.
    2. Click Test Connection to authenticate to Prisma Cloud. After a successful connection, the message Successfully authenticated with server is displayed.
  4. Add a build step in Jenkins
    After you connect the plugin to Prisma Cloud, add a build step to a Jenkins job.
    1. Select New Item and enter a name for the item that you want to build.
    2. Save your item by clicking
    3. Select
      and navigate to
      . Specify the following fields; all are required except Template Version, which is optional:
      • Asset Name
        —The registered asset name that appears as the resource name in the Prisma Cloud DevOps inventory. The asset name must not exceed 255 characters. For example,
        is a valid asset name.
      • Tags
        —Comma-separated key-value pairs that let you search for the build in the Prisma Cloud DevOps inventory. Examples of valid tags:
      • Template Type
        —The IaC template format used to provision resources in the cloud. The supported template types are Terraform, AWS CloudFormation, and Kubernetes templates. Enter the template abbreviation as the value, for example
        , and
      • Template Version (Optional)
        —This field is only applicable if you entered
        in the Template Type field. Examples of valid values are 0.11, 0.12, and 0.13. The value you enter is a hint: the system first attempts to determine the correct version itself and uses your value only if it cannot.
      • Set up the failure criteria for the Prisma Cloud IaC scan
        Define, in the Prisma Cloud IaC scan plugin, how many issues of each severity a build may contain before it fails. Set High: x, Medium: y, Low: z, Operator: O, where x, y, and z are the number of issues of each severity and the operator is AND or OR. As the examples show, a severity exceeds its threshold when the scan finds more issues of that severity than the number you set; with OR, the build fails as soon as any one threshold is exceeded, and with AND, only when all three are exceeded. For example:
        • To fail the pipeline for any security issue detected: High: 0, Medium: 0, Low: 0, Operator: OR
        • To never fail the pipeline: High: 1000, Medium: 1000, Low: 1000, Operator: AND
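The failure-criteria logic of the build step, as an added example (this is not the plugin's own code): it counts findings per severity, compares each count against the High/Medium/Low thresholds, and combines the results with the chosen operator. The comparison rule (a severity exceeds its threshold when its count is strictly greater than the configured number) is inferred from the two examples above and is an assumption, as is the shape of the constructed SAMPLE_ISSUES list. It also shows why High: 0, Medium: 0, Low: 0 with Operator: AND is not a zero-tolerance setting.

```python
"""Failure-criteria evaluation for the Prisma Cloud IaC scan build step.

Added example; not the plugin's code. The strict ">" comparison and the
issue-record shape are assumptions made for illustration.
"""
from dataclasses import dataclass

SEVERITIES = ("high", "medium", "low")


@dataclass(frozen=True)
class FailureCriteria:
    """Thresholds x, y, z and the operator entered in the build-step form."""
    high: int
    medium: int
    low: int
    operator: str  # "AND" or "OR"

    def __post_init__(self):
        if self.operator not in ("AND", "OR"):
            raise ValueError(f"operator must be AND or OR, got {self.operator!r}")
        for sev in SEVERITIES:
            if getattr(self, sev) < 0:
                raise ValueError(f"{sev} threshold must be >= 0")


def count_by_severity(issues):
    """Count findings per severity. Each issue is a dict with a 'severity' key
    (assumed shape; the plugin's report format is not shown on the page)."""
    counts = dict.fromkeys(SEVERITIES, 0)
    for issue in issues:
        sev = str(issue["severity"]).lower()
        if sev not in counts:
            raise ValueError(f"unknown severity {sev!r}")
        counts[sev] += 1
    return counts


def exceeded_thresholds(counts, criteria):
    """Which severities have more findings than the form allows (count > threshold)."""
    return {sev: counts.get(sev, 0) > getattr(criteria, sev) for sev in SEVERITIES}


def should_fail(counts, criteria):
    """OR: any exceeded threshold fails the build. AND: all three must be exceeded."""
    exceeded = exceeded_thresholds(counts, criteria)
    if criteria.operator == "OR":
        return any(exceeded.values())
    return all(exceeded.values())


# Constructed scan result: two High findings, one Medium, no Low.
SAMPLE_ISSUES = [
    {"severity": "High", "resource": "aws_s3_bucket.logs", "rule": "bucket is public"},
    {"severity": "High", "resource": "aws_security_group.web", "rule": "0.0.0.0/0 on port 22"},
    {"severity": "Medium", "resource": "aws_ebs_volume.data", "rule": "volume not encrypted"},
]

# The two configurations shown in the text.
FAIL_ON_ANY_ISSUE = FailureCriteria(high=0, medium=0, low=0, operator="OR")
NEVER_FAIL = FailureCriteria(high=1000, medium=1000, low=1000, operator="AND")
# A tempting but wrong "zero tolerance" setting: with AND, every severity must
# be over its threshold, so a build with only High and Medium findings passes.
ZERO_WITH_AND = FailureCriteria(high=0, medium=0, low=0, operator="AND")


if __name__ == "__main__":
    counts = count_by_severity(SAMPLE_ISSUES)
    print("counts:", counts)
    for name, crit in [("fail on any", FAIL_ON_ANY_ISSUE),
                       ("never fail", NEVER_FAIL),
                       ("0/0/0 with AND", ZERO_WITH_AND)]:
        verdict = "FAIL" if should_fail(counts, crit) else "PASS"
        print(f"{name:>15}: {verdict}  exceeded={exceeded_thresholds(counts, crit)}")
```

Running the block on the constructed result gives FAIL for the 0/0/0 OR setting, PASS for the 1000/1000/1000 AND setting, and PASS for 0/0/0 AND, because no Low finding is present; use OR when any single severity should be able to block the build.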
  5. Run an IaC Scan on your build.
    1. Select Build Now to generate your build.
    2. Refresh the Jenkins page so that Prisma Cloud IaC Scan Report appears in the left pane.
    3. Select the build and then select Prisma Cloud IaC Scan Report to view the report.
