Use the Prisma Cloud IaC Scan Plugin for Jenkins
Learn how to use the Prisma Cloud™ IaC Scan Plugin for Jenkins to incorporate vulnerability and compliance scanning into your continuous integration pipeline.
Use the Prisma™ Cloud IaC Scan Plugin to perform Infrastructure as Code (IaC) scanning during Jenkins builds. To use the Prisma Cloud IaC scan functionality, you need a connection to a Prisma Cloud API server and the login credentials for it. The Prisma Cloud IaC scan plugin scans your templates for misconfigurations; if any issues are detected, they are presented as a report within Jenkins.
- Verify the prerequisites. You must have administrative privileges in Jenkins to install the Prisma Cloud IaC scan plugin.
  - Launch your browser and point it to the location of your Jenkins server. For example, the default URL is http://localhost:8080. Replace 8080 with the custom port if you changed it.
  - Enter your username and password and click Sign in.
  - Generate your access key and secret key in Prisma Cloud.
    - Access Key—Enables programmatic access to Prisma Cloud. To create an access key, select Settings > Access Keys > Add New.
    - Secret Key—You should have saved this secret key when you generated it. You cannot view it on the Prisma Cloud web interface.
  - Create the .prismaCloud/config.yml file and add it to the root directory of your source code in your repository. The config.yml file is required; it currently supports template_parameters such as variables, and the tags you use in your environment.
- Install the Prisma Cloud IaC Scan plugin. Use the plugin manager in Jenkins to install the plugin for scanning your templates and images across all Source Code Management repositories connected to Jenkins.
  - Log in to Jenkins.
  - Select Manage Jenkins > Manage Plugins > Available.
  - Enter prisma cloud to find Prisma Cloud IaC Scan on the Jenkins marketplace.
  - Install the plugin.
  - Select Restart Jenkins when the installation is complete and no jobs are running.
  - Select Manage Jenkins > Manage Plugins > Installed to verify that the plugin is available for use.
- Connect Jenkins to your Prisma Cloud server. The API URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. If the tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io, replace app in the URL with api. Refer to the Prisma Cloud REST API Reference for more details.
  - In Jenkins, select Manage Jenkins > Configure System and enter the credentials for Auth URL, Access Key, and Secret Key.
  - Click Test Connection to authenticate to Prisma Cloud. After a successful connection, the message Successfully authenticated with server is displayed.
- Add a build step in Jenkins. After you connect the Prisma Cloud IaC Scan plugin to Prisma Cloud, add a build step.
  - Select New Item and enter a name for the item that you want to build.
  - Save your item by clicking OK.
  - Select Configure and navigate to Build. Specify the following fields; all are required except Template Version, which is optional:
    - Asset Name—The registered asset name that appears as the resource name in the Prisma Cloud DevOps inventory. The asset name must not exceed 255 characters. For example, prisma-cloud-build is a valid asset name.
    - Tags—Comma-separated key-value pairs that allow the build to be searched in the DevOps inventory UI of Prisma Cloud. Examples of valid tags: env:dev, tag:value, team:team-one.
    - Template Type—A template is a configuration management tool that is used to provision resources in the cloud. The supported templates are Terraform, AWS CloudFormation, and Kubernetes templates. Enter the template abbreviation as the value, for example TF, CFT, or K8S.
    - Template Version (Optional)—This field applies only if you entered TF in the Template Type field. Examples of valid values are 0.11, 0.12, or 0.13. The value you enter is a hint: the system attempts to determine the correct version number itself and otherwise uses the value you entered.
- Set up the failure criteria for the Prisma Cloud IaC scan. Define the number of issues by severity in the Prisma Cloud IaC Scan plugin. Set High: x, Medium: y, Low: z, Operator: O, where x, y, and z are the number of issues of each severity, and the operator is OR or AND. For example:
  - To fail the pipeline for any security issue detected—High: 0, Medium: 0, Low: 0, Operator: OR
  - To never fail the pipeline—High: 1000, Medium: 1000, Low: 1000, Operator: AND
- Run an IaC scan on your build.
  - Select Build Now to generate your build.
  - Refresh Jenkins so that Prisma Cloud IaC Scan Report appears in the left pane.
  - Select the build and then select Prisma Cloud IaC Scan Report to view the report.
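The failure criteria step above (High: x, Medium: y, Low: z, Operator: OR/AND) is what turns scan findings into a pass/fail decision for the pipeline. The following Python is added here as an illustration and is not the plugin's own code: it evaluates those criteria over a set of findings. It assumes a severity "exceeds" its configured number when the issue count is strictly greater than that number, which is the reading consistent with both examples on the page (0/0/0 with OR fails on any finding; 1000/1000/1000 with AND effectively never fails); the sample findings are constructed.

```python
"""Evaluate Prisma Cloud IaC scan failure criteria (illustrative, not plugin code)."""
from collections import Counter
from dataclasses import dataclass

SEVERITIES = ("High", "Medium", "Low")


@dataclass(frozen=True)
class FailureCriteria:
    """Thresholds and operator exactly as entered in the plugin's build step."""
    high: int
    medium: int
    low: int
    operator: str  # "OR" or "AND"

    def thresholds(self):
        return {"High": self.high, "Medium": self.medium, "Low": self.low}


def count_by_severity(issues):
    """Count findings per severity; issues is an iterable of dicts with a 'severity' key."""
    counts = Counter(issue["severity"] for issue in issues)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def should_fail(counts, criteria):
    """Return True when the build must fail under the given criteria.

    Assumption: a severity 'exceeds' its threshold when count > threshold.
    OR  -> fail if any severity exceeds its threshold.
    AND -> fail only if every severity exceeds its threshold.
    """
    op = criteria.operator.strip().upper()
    if op not in ("OR", "AND"):
        raise ValueError(f"operator must be OR or AND, got {criteria.operator!r}")
    exceeded = [counts.get(sev, 0) > limit for sev, limit in criteria.thresholds().items()]
    return any(exceeded) if op == "OR" else all(exceeded)


# Constructed sample findings; only the severity field matters here.
SAMPLE_ISSUES = [
    {"id": "constructed-1", "severity": "High"},
    {"id": "constructed-2", "severity": "Low"},
    {"id": "constructed-3", "severity": "Low"},
]

FAIL_ON_ANYTHING = FailureCriteria(0, 0, 0, "OR")        # first example on the page
NEVER_FAIL = FailureCriteria(1000, 1000, 1000, "AND")     # second example on the page

if __name__ == "__main__":
    counts = count_by_severity(SAMPLE_ISSUES)
    print(counts, should_fail(counts, FAIL_ON_ANYTHING), should_fail(counts, NEVER_FAIL))
```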