1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Prisma Cloud DevOps Security
    6. Use the Prisma Cloud IaC Scan Plugin for Jenkins

    Use the Prisma Cloud IaC Scan Plugin for Jenkins

    Learn how to use the Prisma Cloud™ IaC Scan Plugin for Jenkins to incorporate vulnerability and compliance scanning into your continuous integration pipeline.
    Use the Prisma™ Cloud IaC Scan Plugin to perform Infrastructure as Code (IaC) scanning during Jenkins builds. To use Prisma Cloud IaC scan functionality, you need to have a connection to a Prisma Cloud api server and the login credentials. The Prisma Cloud IaC scan plugin scans the templates for misconfigurations, and if an issue is detected then you will be able to see the issues generated as a report within Jenkins.
    1. Verify the prerequisites.
      You must have administrative privileges in Jenkins to install the Prisma Cloud IaC scan plugin.
      1. Launch your browser to point to the location of your Jenkins server. For example, the default URL is http://localhost:8080. Replace
        8080
         with a custom port you used.
      2. Enter your
        username
         and
        password
         and click
        Sign in
        .
      3. Generate your access key and secret key in Prisma Cloud.
        • Access Key
          —Enables programmatic access to Prisma Cloud. To create an access key select
          Settings
          Access Keys
          Add New.
        • Secret Key
          —You should have saved this secret key when you generated it. You cannot view it on the Prisma Cloud web interface.
      4. Create the .prismaCloud/config.yml file and add it to the root directory of your source code in your repository. The config.yml file is required, and it currently supports template_parameters like variables, and the tags you use in your environment.
    2. Install the Prisma Cloud IaC Scan plugin.
      Use the plugin manager in Jenkins to install the Prisma Cloud IaC scan plugin for scanning your templates and images across all Source Code Management repositories connected to Jenkins.
      1. Log in to Jenkins.
      2. Select
        Manage Jenkins
        Manage Plugins
        Available
        .
      3. Enter
        prisma cloud
         to find Prisma Cloud iac scan on the Jenkins marketplace.
      4. Install the plugin.
      5. Select
        Restart Jenkins
         when installation is complete and no jobs are running.
      6. Select
        Manage Jenkins
        Manage Plugins
        Installed
         to verify that the Jenkins plugin is available for use.
    3. Connect Jenkins to your Prisma Cloud server.
      The API URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed.
      If the tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io, replace
      app
       in the URL with
      api
      . Refer to the Prisma Cloud REST API Reference, for more details.
      1. In Jenkins select
        Manage Jenkins
        Configure System.
         Enter the credentials for
        Auth URL
        ,
        Access Key
        , and
        Secret Key
        .
      2. Click
        Test Connection
         to authenticate into Prisma Cloud and after successful connection the message
        Successfully authenticated with server
        will display.
    4. Add a build step in Jenkins
      After you connect Prisma Cloud IaC scan to Prisma Cloud add a build step.
      1. Select
        New Item
         to add a name for the item that you want to build.
      2. Save your item by clicking
        OK
        .
      3. Select
        Configure
         and navigate to
        Build
        . Specify the following fields except Template Version which is optional:
        • Asset Name
          —The registered asset name that will appear as the resource name in the Prisma Cloud Devops inventory. The character limit for asset name should not exceed 255 characters. For example,
          prisma-cloud-build
           is a valid asset name.
        • Tags
          —The key-value pairs separated by commas which allows the build to be searched in the DevOps inventory UI of Prisma Cloud. Examples of valid tags;
          env:dev
          ,
          tag:value
          ,
          team:team-one
          .
        • Template Type
          —A template is a configuration management tool that is used to provision resources in the cloud. The templates supported are Terraform, AWS CloudFormation, and Kubernetes Templates. Enter the templates abbreviations as values, for example
          TF
          ,
          CFT
          , and
          K8S
          .
        • Template Version (Optional)
          —This field is only applicable if you entered
          TF
          in the Template Type field. Examples of valid values are 0.11, 0.12, or 0.13. The value you enter will be a hint as the system will attempt to determine the correct version number, otherwise the system will use the value you entered.
        • Set up the failure criteria for the Prisma Cloud IaC scan
          Define the number of issues by severity in
          Prisma Cloud IaC scan
          plugin. Set the
          High
          : x,
          Medium
           : y,
          Low
           : z, Operator: O, where, x,y, and z are the number of issues of each severity, and the operator is
          OR
          ,
          AND
          .
          For example:
          • To fail the pipeline for any security issue detected—High : 0, Medium : 0, Low : 0, Operator: OR
          • To never fail the pipeline—High : 1000, Medium : 1000, Low : 1000, Operator: AND
    5. Run an IaC Scan on your build.
      1. Select
        Build Now
         to generate your build.
      2. Refresh Jenkins so that
        Prisma Cloud IaC Scan Report
         will appear in the left pane.
      3. Select the build and then select
        Prisma Cloud IaC Scan Report
         to view the report.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo