Features Introduced in June 2022
Learn about the new Code Security capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in June 2022.
The following new features or enhancements are available for Prisma Cloud Code Security. These capabilities help agile teams add security checks to their existing IaC (Infrastructure-as-Code) model and enforce security throughout the build lifecycle.
New Features
| Policy Updates | Description |
|---|---|
| Enforcement Thresholds and Scope | Enforcement enables you to define thresholds that reduce unnecessary noise in your code reviews and focus attention on the most critical issues across the following categories: Open Source (SCA), Infrastructure as Code (IaC), Secrets, Container Images, and Build Integrity. Prisma Cloud provides default enforcement settings based on best-practice guidelines. If you had previously configured any rules on Settings > Code Security Configuration, see Changes in Existing Behavior below. To modify the enforcement configuration, go to Code Security > Projects > More Actions > Enforcement. |
| Terraform Cloud (Run Tasks) | Integrate Terraform Cloud (Run Tasks) from Settings > Add Repositories > Terraform Cloud (Run Tasks). |
| New Configuration Build Policies | The following new build policies are available on the Prisma Cloud Code Security module: |
| Updates to Existing Configuration Run Policies | The following new Build policies are added to the existing Configuration Run policies: |
| Build Policy Updates - Metadata | AWS access keys and secrets are hard coded in infrastructure. Changes: the cloud type for this policy is updated from ANY to AWS. Impact: no impact on alerts. |
| | Azure Storage Account Access Keys. Changes: the cloud type for this policy is updated from ANY to Azure. Impact: no impact on alerts. |
| | GCP resources that support labels do not have labels. Changes: the cloud type for this policy is updated from ANY to GCP. Impact: no impact on alerts. |
| | AWS S3 Bucket BlockPublicPolicy is set to True. Changes: the policy name has been updated to follow Prisma Cloud's naming guidelines. Impact: no impact on alerts. |
| | AWS S3 bucket IgnorePublicAcls is set to True. Changes: the policy name has been updated to follow Prisma Cloud's naming guidelines. Impact: no impact on alerts. |
| | AWS S3 bucket RestrictPublicBucket is set to True. Changes: the policy name has been updated to follow Prisma Cloud's naming guidelines. Impact: no impact on alerts. |
| | S3 bucket MFA Delete is not enabled. Changes: the policy description and recommendation details have been updated to describe the policy better. Updated description: Ensure S3 bucket MFA Delete is enabled. Impact: no impact on alerts. |
| | AWS IAM policies that allow full administrative privileges are created. Changes: the severity level for this policy is updated from Critical to Low. Impact: no impact on alerts. |
| | Lambda function's environment variables expose secrets. Changes: the severity level for this policy is updated from High to Medium. Impact: no impact on alerts. |
| | SQS queue policy is public and access is not restricted to specific services or principals. Changes: the severity level for this policy is updated from Medium to High. Impact: no impact on alerts. |
| Policy Deletions (applies only if you have enabled the Code Security subscription on Prisma Cloud) | The following build policies are deleted from Prisma Cloud: Impact: no impact on alerts. |
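The three renamed S3 policies above each check one key of a bucket's public access block. The following added example, which is not Prisma Cloud's own policy code, shows the kind of evaluation such a build policy performs, run over a constructed CloudFormation template (the resource names and template contents are made up for illustration):

```python
# Added example, not Prisma Cloud's own policy code: a minimal evaluator for the
# three S3 public-access-block settings named in the policy table above, run over
# a constructed CloudFormation template (resource names below are made up).

# Policy name -> PublicAccessBlockConfiguration key that must be true to pass.
S3_PUBLIC_ACCESS_POLICIES = {
    "AWS S3 Bucket BlockPublicPolicy is set to True": "BlockPublicPolicy",
    "AWS S3 bucket IgnorePublicAcls is set to True": "IgnorePublicAcls",
    "AWS S3 bucket RestrictPublicBucket is set to True": "RestrictPublicBuckets",
}

def _is_true(value):
    # CloudFormation accepts a JSON boolean or the strings "true"/"True".
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"

def evaluate_s3_public_access(template):
    """Map each AWS::S3::Bucket logical id to {policy_name: 'PASSED' | 'FAILED'}."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue  # the policies above apply to buckets only
        props = resource.get("Properties") or {}
        pab = props.get("PublicAccessBlockConfiguration") or {}
        results[logical_id] = {
            policy: "PASSED" if _is_true(pab.get(key, False)) else "FAILED"
            for policy, key in S3_PUBLIC_ACCESS_POLICIES.items()
        }
    return results

def failed_checks(template):
    """Flat, sorted list of (logical_id, policy_name) for every failed check."""
    return sorted((rid, policy)
                  for rid, checks in evaluate_s3_public_access(template).items()
                  for policy, status in checks.items() if status == "FAILED")

# Constructed sample: LogsBucket is compliant, AssetsBucket leaves public policies on
# (a string "false" and a missing key), QueueRole is not a bucket and is skipped.
SAMPLE_TEMPLATE = {"Resources": {
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "BlockPublicPolicy": True,
                                           "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "AssetsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicPolicy": "false", "IgnorePublicAcls": True}}},
    "QueueRole": {"Type": "AWS::IAM::Role", "Properties": {}},
}}

for rid, policy in failed_checks(SAMPLE_TEMPLATE):
    print(f"FAILED {rid}: {policy}")
```

A missing key fails the check deliberately, since the public access block defaults to off when it is not declared.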
Changes in Existing Behavior
| Change | Description |
|---|---|
| Code Reviews and Pull Request Bot Comments for Code Security Configuration | With this release, new Enforcement options are available for code reviews. With this enhancement, the ability to configure Code Reviews and Pull Request Bot Comments is no longer part of the Code Security Configuration on Settings > Code Security Configuration; it is now managed from Code Security > Projects > More Actions > Enforcement. This change does not impact your existing configuration: all your existing configurations are migrated over as Enforcement settings. You can review and manage the enforcement thresholds and exceptions from Code Security > Projects > More Actions > Enforcement. |