Look Ahead—Planned Updates on Prisma Cloud Code Security
Review any deprecation notices and policy changes planned in the next Prisma Cloud Code Security release.
Read this section to learn about what is planned in the upcoming release. The Look Ahead announcements are for an upcoming or next release and it is not a cumulative list of all announcements.
The details and functionality listed below are a preview and the actual release date is subject to change.
Changes in Existing Behavior
FEATURE | DESCRIPTION |
Terraform Cloud Run Tasks | For Terraform Cloud Run Tasks, the Enforcement Settings for IaC Scans are currently enforced only when you have enabled the checkbox to Make Prisma Cloud’s run tasks mandatory .
Make Prisma Cloud’s run tasks mandatory is being removed, to make this behavior consistent with other VCS, IDE, and CI/CD pipeline integrations for Code Security.Impact- If you have an existing Terraform Cloud Run Task integration on Prisma Cloud that was previously not set to mandatory, and have set the Enforcement Settings threshold for Hard Fail to anything other than Off such as Low or above for IaC Scan, the run tasks will now be mandatory. Builds that were passing earlier will now fail when there is a violation above the severity threshold detected in your IaC files. |
New Policies and Policy Updates
Learn about the new policies and upcoming policy changes for new and existing Prisma Cloud System policies.
POLICY UPDATES | DESCRIPTION |
AWS EBS volume region with encryption is disabled | Changes- The Build remediation instructions are being updated according to encrypt-ebs-volume.Impact- No impact on alerts. |
Basic Auth Credentials | Changes- The policy name is being updated to reflect the latest changes.Current Policy Name- Basic Authentication CredentialsImpact- No impact on alerts. |
GitHub VCS Integration | To help ensure that your GitHub organization and repository and GitLab repository configurations are using proper branch protection and build integrity guidelines, Prisma Cloud is adding Build Integrity policies in the upcoming release. These permissions are required to pull organization and repository configurations and scan them for Supply Chain policy violations.
The following additional read-only permissions are being requested:
Impact- If you opt to reject or ignore the request for the additional permissions, there will be no impact on existing scans; however, you will not be able to detect violations of the build integrity policies. |
Policy Deletions | |
AWS EC2 instance is not configured with VPC | Changes- This policy is deleted because resources are configured in VPC by default.Impact- No impact on alerts. |
My SQL server enables public network access (duplication of CKV_AZURE_53) | Changes- This policy is a duplication of an existing policy, therefore will be deleted.Impact- No impact on alerts. |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.
