: Features Introduced in July 2023

Features Introduced in July 2023

Table of Contents

Features Introduced in July 2023

Learn about the new Code Security capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in July 2023.
The following new features or enhancements are available for Prisma Cloud Code Security. These capabilities help agile teams add security checks to their development process and enforce security throughout the build lifecycle.

New Features

Integrated View of Run and Build details for Alerts
To help you as a Cloud Security Engineer investigate issues from code to cloud, the alert details now include information to trace and attribute which build-time resource has caused a policy violation for a runtime resource deployed in your cloud account. The alert details overview includes the IaC resource details and information on the build time resource. The new Traceability information helps you connect an alert from the production environment back to the origin templates in your upstream development environment.
To view the build-time details in an alert:
  • You must enable a Configuration policy with the subtype Run, Build and attach it to an alert rule on Prisma Cloud.
  • Your IaC templates must be onboarded through a VCS integration.
  • Terraform resources must include the
    tag so that your IaC resources are tagged with a unique UUID for tracing the relationship between the code resource and the runtime resource that is deployed from it. This is not necessary for CloudFormation.
CSV Export support on Projects
For further investigation for issues seen on Projects (
Code Security > Projects
) you can export the scan results across code category views with configured filters as a CSV report. The CSV report includes the following information:
  • Code Category
    : View the code category of the issue.
  • Status
    : View if the issue is Open, Suppressed, Fixed, Passed or Fix Pending.
  • Severity
    : View the severity of the issue.
  • IaC Category or Risk Factor
    : View if the issue is in code category of IaC misconfigurations or Risk Factor for Secrets and Vulnerabilities.
  • Policy ID
    : View the Prisma Cloud policy ID that is non-conformant.
  • Policy Reference
    : Helps you navigate to the policy reference guide to know more about the non-conformant policy.
  • Title
    : The policy name or CVE ID based on the issue.
  • Custom Policy
    : Verify if the non-conformant policy is a custom policy.
  • First Detection Date
    : Indicates when the issue was first detected.
  • Resource Name
    : The name of the resource where the issue is found.
  • Scan item
    : Only for issues in Code Reviews, you can view information on Pull Request ID, Pull Request Name, Commit hash for VCS Pull Requests or CI/CD branch and Run ID for CI/CD Runs.
  • Source ID
    : This is the repository name.
  • Suggested Fix
    : This shows if the scan results have recommended fixes. For IaC misconfigurations you will see if a fix Exists. For Vulnerabilities you will see a package version bump to.

Recommended For You