Features Introduced in August 2022

Learn about the new Code Security capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in August 2022.
The following new features or enhancements are available for Prisma Cloud Code Security. These capabilities help agile teams add security checks to their existing IaC (Infrastructure-as-Code) model and enforce security throughout the build lifecycle.

New Features

Feature
Description
Software Bill of Materials
Prisma Cloud can now generate a software bill of materials (SBOM), in both CycloneDX and CSV formats, that includes open source packages, container images, and infrastructure as code (IaC) resources that are passing and failing policy checks. In addition to including a full inventory of components, an SBOM also include vulnerabilities, misconfigurations, and known licenses for dependencies.
Multiple Token Support for Azure Repos
TheAzure repos integration (
Settings
Repositories
Add Repositories
Azure Repos
) on the Prisma Cloud console now also supports multiple OAuth tokens. You can onboard multiple organizations from the same Azure Repos account (using a single user token), or enable multiple tokens to onboard multiple organizations associated with the same Azure Repos account or different accounts.
You can also reconfigure security scans for the existing user tokens by reselecting repositories, add more organizations using the similar authorization workflow, and revoke OAuth user tokens to delete a user token.
Resource Explorer Enhancements
Resource Explorer has four tabs to give you contextualized understanding of a resource from code to cloud.
Accessible on
Code Security
Projects
and
Code Security
Supply Chain
, each tab gives you specific resource metadata:
  • Details: Helps you understand the connection between resources so that you can make informed decisions if the connection is a risk or if it is necessary.
  • Errors: Enables you to review security violations with the severity threshold for packages and utilize the information to either suppress or prioritize it.
  • History: Provides detailed information about a resource including suppression, change logs, and fixes.
  • Traceability: Enables you to explore connections between build-time and runtime resources.
Currently, you can review History and Traceability details for IaC resources only, and Errors are currently available for packages only.
Drift Detection for CloudFormation
Prisma Cloud now automatically detects and remediates drift between CloudFormation and AWS runtime environments. This enhancement augments the ability to identify drift for resources deployed using Terraform on AWS.
From the Prisma Cloud console, you can also Fix Drift, apply the manual changes that were made to the cloud resource and apply them as code in a pull request back to the CloudFormation template.
Usability Enhancements for Customizing Build Policy
For the default Prisma Cloud Configuration policies of subtype Build, you can now clone the policy and modify the name or severity level.
Further, when you use the code editor to create a custom build policy, the metadata includes an auto-completion list with only the relevant options.
New Configuration Build Policies
The following new build policies are available on Prisma Cloud Code Security module:
  • Non-compliant license type has been found on your open source packages
  • An unknown license type has been found among your open source package licenses

Recommended For You