Features Introduced in February 2023

Learn about the new Code Security capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in February 2023.
The following new features or enhancements are available for Prisma Cloud Code Security. These capabilities help agile teams add security checks to their existing IaC (Infrastructure-as-Code) model and enforce security throughout the build lifecycle.

New Features

Enforcement Thresholds
You can now configure enforcement thresholds for Vulnerabilities, Licenses, IaC, Build integrity and Secrets. This update aligns with the three new Code Security modules for IaC Security, Software Composition Analysis (SCA) and Secrets Security. For existing customers, the Enforcement thresholds are mapped to the new categories as follows:
  • Images: Impacts on Vulnerabilities.
  • Open Source: Impacts on Licenses.
  • Supply Chain: Impacts on Build Integrity.
IaC and Secrets have no impact.
Code Editor for Custom Secrets
In addition to the custom policy for build-time checks, Code Editor now helps you define regular expression patterns for Custom Secrets identified on the Prisma Cloud console. The policy violation for custom secrets will continue to be viewable on
Code Security > Projects
Alert Rules for Detecting Drift
With this release, for Drift Detection (
Code Security > Projects
), you can now add alert rules to identify policy drift violations for account groups and policies to which you would like to receive alerts within your AWS and Azure cloud accounts. From the Prisma Cloud console (
Alerts > Overview
), you can access the alert summary and trace the origin of the drift using the yor_trace tag viewable on Traceability (
Alerts > Overview > Alert Count > Alert ID
Projects Enhancements
Code Security
on the Prisma Cloud console is enhanced to help you address security issues in your repositories more easily. It now groups scan results by resources and includes saved views with preset filters that provide contextualized scan results. Each view displays policy violations for a code category so you can prioritize what to fix across all your onboarded repositories.
  • Overview
    : A centralized view of all your scan results across all code categories with automated solutions.
  • IaC Misconfiguration
    : See scan results for security issues within resources and remediate the issue using automated solutions on the Prisma Cloud console.
  • Vulnerabilities
    : See scan results for CVE with severity levels and policy violations that may or may not have dependencies within your code. Remediate the issue by fixing the root or dependent versions automatically recommended on the console.
  • Secrets
    : See scan results for package security with severity levels of the policy violations to remediate.
  • License
    : See scan results for licensing when using open-source in your code that may have a dependency.
  • Build Integrity
    : Make informed decisions from the results of the scans in this category that identify multiple owners for the same repositories on integrated platforms.
  • VCS Pull Requests
    : A centralized view with automated solutions for all your scan results across open PRs.
  • CI/CD Runs
    : A centralized view with automated solutions for all your scan results on runs of your integrated repositories. You can also create multiple customized views from the default views or by defining a custom view. To access the capabilities of Projects, you need to enable the
    Code Security > Projects
Code Security Developer-Based Metering Plan
Prisma Cloud is introducing a new developer-based metering plan for Code Security. The plan introduces an a-la-carte model which includes three Code Security modules each using credits per developer.
  • Infrastructure as Code (IaC) Security
    : The module requires 3 credits per developer to help you with security throughout the infrastructure lifecycle.
  • Software Composition Analysis (SCA)
    : The model requires 4 credits per developer where developers are equipped to find, prioritize, and fix security vulnerabilities and license compliance issues in open-source dependencies.
  • Secrets Security
    : The module requires 1 credit per developer to scan all files to prevent exposing API keys, passwords, certificates, tokens, and other sensitive secrets with high fidelity using any of your VCS integrations.
A credit per developer within each of the modules is a user who actively commits on Git, identified through a unique Git email address with a contribution history to any Git repositories in the last 90 days. Enable one or more Code Security modules for an enhanced shift-left experience on the Prisma Cloud console (
Settings > Code Security Configuration
) You can always choose to reconfigure your licensing configuration during the shift-left experience.
Manage Network Tunnels for self-hosted version control systems (VCS)
Establish secure and managed access between your self-hosted version control systems (VCS) and Prisma Cloud using Transporter. After configuring a Transporter in your environment, followed by authentication from Prisma Cloud, Transporter establishes a network tunnel through the WebSocket over HTTPS. A single Transporter on the Prisma Cloud can secure multiple VCS integrations, or you can use multiple Transporters. This feature will be available on request.

Recommended For You