topic Re: How it works Application Security: Software Composition Analysis (SCA), Secrets Security Secrets Security in Prisma Cloud Discussions

How it works Application Security: Software Composition Analysis (SCA), Secrets Security Secrets Security

O.Chentsov — Tue, 11 Feb 2025 08:07:03 GMT

Hello, here's the story:
We have an integration with Git-Lab, and recently the access token expired. We have reintegrated Git-Lab with Prisma, and we noticed that the vulnerabilities that were there a long time ago have disappeared, but not all of them.
Can anyone explain why this is happening?

(the information says that the scan is running)

As the official documentation says:
"For each vulnerability identified in an SCA scan, Prisma Cloud contextualizes it as a Common Vulnerabilities and Exposures (CVE) for open source package managers."

Re: How it works Application Security: Software Composition Analysis (SCA), Secrets Security Secrets Security

JNeytchev — Tue, 11 Feb 2025 15:36:32 GMT

Hi O.Chentsov,

I am not sure I am following your question. Did you re-integrate your Gitlab with Prisma with a renewed token?

Are you asking why the re-integrated Gitlab is showing less findings than before?
Can you please elaborate?

Re: How it works Application Security: Software Composition Analysis (SCA), Secrets Security Secrets Security

O.Chentsov — Tue, 11 Feb 2025 16:02:16 GMT

Yes, of course 🙂

Yes, I have re-integrated my access token and everything seems to be fine, the status of the repositories on Prisma is green and the scan information is displayed when I scan them.
But previously, in Application Security > Code > Projects, I had selected the repositories I needed and set the code categories: Vulnerabilities, Secrets and saw the presence of about 170 critical vulnerabilities in packages and images. But after I reintegrated GitLab, those 170 vulnerabilities just disappeared.

And I had a question. Could they be outdated and simply disappear after reintegration?