The Prisma Cloud Intelligence Stream now includes vulnerability data on non-RPM content from Red Hat, including binaries, Python scripts, JavaScript files, and Java JAR files within layered products like OpenShift. Rather than just flagging these as vulnerable, Prisma Cloud can now leverage Red Hat’s own detailed image analysis, enhancing precision in threat detection.

Added support for registry labels under collections to enable role-based access control (RBAC). The scan results for deployed images are now segregated with a

Custom label

within collections. This enhancement facilitates the association between the registry and the scanned images pertaining to that registry, along with registry-based role-based access control (RBAC) for improved security and management.

Added the ability for users to run CI scans on Linux using the containerd runtime. This change benefits customers using Kubernetes environments, which no longer support Docker as they need to perform CI scans without Docker.

CIS Benchmark for Google Kubernetes Engine (GKE) version 1.4.0 is now supported. This update includes compliance checks for worker nodes.

The Docker Access Control at

Defend > Access > Docker

and Access User role at

Manage > Authentication > Roles

were planned for End of Support in Newton (v31.00.129) as announced in 22.06 Release Notes. The deprecation is now extended until the next release Newton Update 1 (v31.01.xxx), when the feature will be no longer supported.

The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts was planned for End of Support in this release v31.00.129. The deprecation notice is now extended until the next major release code named O’Neal (v32.0.xxx). The configuration settings on the console (

Compute > Defend > CNNS

) and the corresponding APIs for CNNS will be dropped in v32.0.xxx.

Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available.

List of API endpoints that are no longer supported:

Scanning your code repositories from the Prisma Cloud Compute Console at

Compute > Monitor> Vulnerabilities > Code repositories

and use of Twistcli for code repo scanning was planned for End of Support in this release v31.00.129. The deprecation notice is now extended until the next major release code named O’Neal (v32.0.xxx), when the support will be dropped.

You must now use the

Code Security

capabilities on Prisma Cloud to scan IaC templates, code repositories, and CI pipelines for misconfigurations and vulnerabilities.

Starting with 31.00, the value in the field

type

for an object returned in the API endpoint response

GET, api/vVERSION/registry

is now

registry

instead of

image

.

31.00 and onwards:

type shared.ScanType Possible values: [registry,ciImage,container,host,agentlessHost,registry,serverlessScan,ciServerless,vm,tas,ciTas,cloudDiscovery,serverlessRadar,serverlessAutoDeploy,hostAutoDeploy,codeRepo,ciCodeRepo]

30.03 and earlier:

type shared.ScanType Possible values: [image,ciImage,container,host,agentlessHost,registry,serverlessScan,ciServerless,vm,tas,ciTas,cloudDiscovery,serverlessRadar,serverlessAutoDeploy,hostAutoDeploy,codeRepo,ciCodeRepo]