Use the Prisma Cloud IaC Scan Plugin for Jenkins
Learn how to use the Prisma Cloud™ IaC Scan Plugin for
Jenkins to incorporate vulnerability and compliance scanning into
your continuous integration pipeline.
Use the Prisma™ Cloud IaC Scan Plugin to perform
Infrastructure as Code (IaC) scanning during Jenkins builds. To
use Prisma Cloud IaC scan functionality, you need a connection
to a Prisma Cloud API server and the login credentials. The Prisma
Cloud IaC scan plugin scans the templates for misconfigurations,
and if issues are detected, they appear
as a report within Jenkins.
- Verify the prerequisites. You must have administrative privileges in Jenkins to install the Prisma Cloud IaC scan plugin.
- Launch your browser to point to the location of your Jenkins server. For example, the default URL is http://localhost:8080. Replace 8080 with a custom port you used.
- Enter your username and password.
- Click Sign in.
- Access Key: Enables programmatic access to Prisma Cloud. To create an access key, select Settings > Access Keys > Add New.
- Secret Key: You should have saved this secret key when you generated it. You cannot view it on the Prisma Cloud web interface.
- Install the Prisma Cloud IaC Scan Plugin. Use the plugin manager in Jenkins to install the Prisma Cloud IaC scan plugin for scanning your templates and images across all Source Code Management repositories connected to Jenkins.
- Log in to Jenkins.
- Select Manage Jenkins > Manage Plugins > Available.
- Enter prisma cloud to find Prisma Cloud IaC scan on the Jenkins marketplace.
- Install the plugin.
- Select Restart Jenkins when installation is complete and no jobs are running.
- Select Manage Jenkins > Manage Plugins > Installed to verify that the Jenkins plugin is available for use.
- Connect Jenkins to Your Prisma Cloud Server. The API URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. If the tenant provisioned for you is, for example, https://app2.prismacloud.io or https://app.eu.prismacloud.io, replace app in the URL with api. Refer to the Prisma Cloud REST API Reference for more details.
- In Jenkins, select Manage Jenkins > Configure System. Enter the credentials for Auth URL, Access Key, and Secret Key.
- Click Test Connection to authenticate into Prisma Cloud. After a successful connection, the message Successfully authenticated with server will display.
- Add a Build Step in Jenkins. After you connect Prisma Cloud IaC scan to Prisma Cloud, add a build step.
- Select New Item to add a name for the item that you want to build.
- Save your item by clicking OK.
- Select Configure and navigate to Build. Specify the following fields, except Template Version, which is optional:
- Asset Name—The registered asset name that will appear as the resource name in the Prisma Cloud DevOps inventory. The asset name should not exceed 255 characters. For example, prisma-cloud-build is a valid asset name.
- Tags—The key-value pairs, separated by commas, which allow the build to be searched in the DevOps inventory UI of Prisma Cloud. Examples of valid tags: env:dev,tag:value,team:team-one.
- Template Type—A template is a configuration management tool that is used to provision resources in the cloud. The templates supported are Terraform, AWS CloudFormation, and Kubernetes Templates. Enter the template abbreviations as values, for example TF, CFT, and K8S.
- Template Version (Optional)—This field is only applicable if you entered TF in the Template Type field. Examples of valid values are 0.11, 0.12, or 0.13. The value you enter is a hint: the system attempts to determine the correct version number and otherwise uses the value you entered.
- Set up the failure criteria for the Prisma Cloud IaC scan. Define the number of issues by severity in the Prisma Cloud IaC scan plugin. Set High: x, Medium: y, Low: z, Operator: O, where x, y, and z are the number of issues of each severity, and the operator is OR or AND. For example:
- To fail the pipeline for any security issue detected—High : 0, Medium : 0, Low : 0, Operator: OR
- To never fail the pipeline—High : 1000, Medium : 1000, Low : 1000, Operator: AND
- Run an IaC Scan on Your Build
- Select Build Now to generate your build.
- Select the build and then select Prisma Cloud IaC Scan Report to view the report.
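
The failure criteria step above, worked through as an added example (not code from the plugin or from Prisma Cloud): it parses the High: x, Medium: y, Low: z, Operator: O string and shows how OR and AND combine the three thresholds. It assumes a severity counts against the build when its issue count is greater than the configured number, which is the reading consistent with both examples in that step; the function names parse_criteria and build_fails are hypothetical.

```python
# Added illustration: models the High/Medium/Low/Operator failure criteria.
# ASSUMPTION: a severity "trips" when its issue count is strictly greater than
# the configured number; the page does not spell out the comparison.
import re

SEVERITIES = ("high", "medium", "low")
_CRITERIA_RE = re.compile(
    r"^\s*High\s*:\s*(\d+)\s*,\s*Medium\s*:\s*(\d+)\s*,\s*Low\s*:\s*(\d+)\s*,"
    r"\s*Operator\s*:\s*(OR|AND)\s*$",
    re.IGNORECASE,
)


def parse_criteria(text):
    """Parse 'High: x, Medium: y, Low: z, Operator: O' into (thresholds, operator)."""
    match = _CRITERIA_RE.match(text)
    if match is None:
        raise ValueError(f"malformed failure criteria: {text!r}")
    high, medium, low, operator = match.groups()
    thresholds = dict(zip(SEVERITIES, (int(high), int(medium), int(low))))
    return thresholds, operator.upper()


def build_fails(criteria, issue_counts):
    """Return True if the build should fail for the given per-severity issue counts."""
    thresholds, operator = parse_criteria(criteria)
    tripped = [issue_counts.get(sev, 0) > thresholds[sev] for sev in SEVERITIES]
    return any(tripped) if operator == "OR" else all(tripped)


if __name__ == "__main__":
    # Constructed sample scan results (issue counts per severity).
    samples = {
        "clean": {"high": 0, "medium": 0, "low": 0},
        "one high only": {"high": 1, "medium": 0, "low": 0},
        "all severities": {"high": 2, "medium": 5, "low": 9},
    }
    for criteria in (
        "High : 0, Medium : 0, Low : 0, Operator: OR",  # page example: fail on any issue
        "High : 1000, Medium : 1000, Low : 1000, Operator: AND",  # page example: never fail
        "High : 0, Medium : 0, Low : 0, Operator: AND",  # fails only if every severity trips
    ):
        for name, counts in samples.items():
            print(f"{criteria:58} {name:15} -> fail={build_fails(criteria, counts)}")
```

Under that assumption, High : 0, Medium : 0, Low : 0 with Operator AND lets a build with only high-severity findings pass, so use OR when any single severity should gate the pipeline.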