Features Introduced in January 2023
Learn about the new Code Security capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in January 2023.
The following new features or enhancements are available for Prisma Cloud Code Security. These capabilities help agile teams add security checks to their existing IaC (Infrastructure-as-Code) model and enforce security throughout the build lifecycle.
Terraform Enterprise (Run Tasks)
Integrate Terraform Enterprise (Run Tasks) (Settings > Repositories > Add Repository > Terraform Enterprise Cloud (Run Tasks)) to seamlessly add policy-as-code checks to your Terraform pipelines for fully automated security guardrails, enabling you to collect feedback or directly block insecure deployments.
CVEs with Moderate and Important severity will now be mapped as Medium and Important, respectively. With this change, if you have set the Enforcement threshold to Medium or above for detecting violations or failing the build for CVEs in your source code, the volume of violations will be higher than before.
For any VCS or CI/CD integration where a hard fail is configured for CVEs of Medium or higher severity, builds that were passing earlier will now fail.
Terraform Cloud (Run Tasks)
With this release, for the Terraform Cloud (Run Tasks) integration (Settings > Repositories > Add Repository > Terraform Cloud (Run Tasks)), you can enable specific configuration run tasks scans during the Post-plan phase for selected or all workspaces. Based on your chosen configuration, Prisma Cloud performs a run tasks scan on your selected (or all) workspaces before or after Terraform Cloud generates a plan.
This change does not impact your existing configuration. You can continue to review and manage the scan results on Code Security > Projects.
New Policies and Policy Updates
New Configuration Build Policies
The following new build policy is available in the Prisma Cloud Code Security module:
Addition of Build Checks to Existing Configuration Run Policies
The following configuration policies now include build-time checks. With this change, these policies check for both Run and Build configuration issues:
Changes in Existing Behavior
Terraform Cloud Run Tasks
For Terraform Cloud Run Tasks, the Enforcement Settings for IaC Scans were enforced only when you had selected the Make Prisma Cloud’s run tasks mandatory checkbox. The Make Prisma Cloud’s run tasks mandatory checkbox is now removed, to make this behavior consistent with the other VCS, IDE, and CI/CD pipeline integrations for Code Security.
Impact: If you have an existing Terraform Cloud Run Task integration on Prisma Cloud that was not set to mandatory, and have set the Enforcement Settings threshold for Hard Fail to anything other than Off (such as Low or above) for IaC Scan, the run tasks will now be mandatory. Builds that were passing earlier will now fail when a violation above the severity threshold is detected in your IaC files.