https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1221021#M1435 <P>It's working, thank you!</P> Wed, 19 Feb 2025 23:42:06 GMT NPalmer2 2025-02-19T23:42:06Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1220613#M1433 <P>Hello,</P> <P>&nbsp;</P> <P>I'm trying to setup a Github workflow using the prisma-cloud-scan action&nbsp;<A href="https://github.com/PaloAltoNetworks/prisma-cloud-scan" target="_blank">https://github.com/PaloAltoNetworks/prisma-cloud-scan</A></P> <P>&nbsp;</P> <P>I've created a service account in Prisma Cloud but the permissions that are required aren't documented anywhere.</P> <P>&nbsp;</P> <P>I get the following error when running a scan:</P> <P>[error]Image scan failed: Unexpected HTTP response: 403</P> <P>&nbsp;</P> <P>Any help would be appreciated.</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>N.</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 17 Feb 2025 05:13:27 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1220613#M1433 NPalmer2 2025-02-17T05:13:27Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1221018#M1434 <DIV id="1739994662.605949" class="c-virtual_list__item" tabindex="0" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="1739994662.605949"> <DIV class="c-message_kit__background p-message_pane_message__message c-message_kit__message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--default"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section">Hello,&nbsp;</DIV> <DIV class="p-rich_text_section"> <DIV id="1739994662.605949" class="c-virtual_list__item" tabindex="0" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="1739994662.605949"> <DIV class="c-message_kit__background p-message_pane_message__message c-message_kit__message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--default"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section">The build and deploy security role has the least privilege to run the CI plugins and scans<SPAN class="c-message__edited_label" data-sk="tooltip_parent">&nbsp;</SPAN></DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV class="p-rich_text_section">For the service account permissions that are required can be found below:&nbsp;</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <DIV id="1739994664.077499" class="c-virtual_list__item" tabindex="-1" role="listitem" aria-setsize="-1" data-qa="virtual-list-item" data-item-key="1739994664.077499"> <DIV class="c-message_kit__background p-message_pane_message__message c-message_kit__message" role="presentation" data-qa="message_container" data-qa-unprocessed="false" data-qa-placeholder="false"> <DIV class="c-message_kit__hover" role="document" aria-roledescription="message" data-qa-hover="true"> <DIV class="c-message_kit__actions c-message_kit__actions--above"> <DIV class="c-message_kit__gutter"> <DIV class="c-message_kit__gutter__right" role="presentation" data-qa="message_content"> <DIV class="c-message_kit__blocks c-message_kit__blocks--rich_text"> <DIV class="c-message__message_blocks c-message__message_blocks--rich_text" data-qa="message-text"> <DIV class="p-block_kit_renderer" data-qa="block-kit-renderer"> <DIV class="p-block_kit_renderer__block_wrapper p-block_kit_renderer__block_wrapper--first"> <DIV class="p-rich_text_block" dir="auto"> <DIV class="p-rich_text_section"><A class="c-link" href="https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions" target="_blank" rel="noopener noreferrer" data-stringify-link="https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions" data-sk="tooltip_parent">https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions</A></DIV> <DIV class="p-rich_text_section">Thanks,&nbsp;</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> Wed, 19 Feb 2025 22:41:33 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1221018#M1434 LMegrelis 2025-02-19T22:41:33Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1221021#M1435 <P>It's working, thank you!</P> Wed, 19 Feb 2025 23:42:06 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/prisma-cloud-scan-github-action-permissions/m-p/1221021#M1435 NPalmer2 2025-02-19T23:42:06Z