Features Introduced in September 2022

Learn about the new Code Security capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in September 2022.
The following new features or enhancements are available for Prisma Cloud Code Security. These capabilities help agile teams add security checks to their existing IaC (Infrastructure-as-Code) model and enforce security throughout the build lifecycle.

New Features

Feature
Description
Software Composition Analysis (SCA)
Software Composition Analysis (SCA) enables you to continuously scan any open source packages defined in your source code. The scan enables you to find and fix vulnerabilities in code and identify license violations earlier in the development lifecycle so that you can address risks in a timely manner. The scan runs across all integrations of repositories, IDE and CI/CD pipelines to give you:
  • Contextual information on Bill of Materials or Software Bill of Materials (SBOM), an inventory list of all open source packages and third-party components your source code utilizes. (
    Code Security
    Development Pipelines
    )
  • Visualization on direct and sub-dependencies between open source packages to help you identify vulnerabilities outside root dependency. (
    Code Security
    Supply Chain
    )
  • Information to identify potential software license violations and manually fix or suppress the issue. (
    Code Security
    Projects
    )
  • A list of vulnerabilities identified on open source packages that you can either suppress or directly fix in code. (
    Code Security
    Projects
    )

Changes in Existing Behavior

Change
Description
Code Editor for Build Policies
With this release, you can
Test
your YAML policy template when creating a rule for a custom policy in build-time checks (
Policies
Add Policy
Config
).
Additionally, information such as
Name
and
Severity
will not be displayed in the existing example of the YAML policy template on the console. However, this information will still be visible in your YAML code file. For example, in your
VCS
.

Recommended For You