Prisma Cloud - Bridgecrew Integration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter

This post was written by Priyank Patel (@pripatel).


Prisma Cloud - Bridgecrew Integration

 

We at Palo Alto Networks are very excited about our newest acquisition and the leader in IaC and DevSecOps security - Bridgecrew. While the new Cloud code security module will "replace" the legacy IaC service available in the product, we are still focused primarily on shift-left technologies, so we will still have the great features as before but with a more refined process .You are probably wondering what this means for you, and I will highlight the features of Bridgecrew and how to integrate your GitHub repository within Bridgecrew. 

 

What is DevSecOps?

 

Before we dive right into Bridgecrew, some of you may be wondering, “what is DevSecOps?” DevSecOps lies in the DevOps movement, where the development and operations merge into one process to make deployments faster, safer, and repeatable. This can include practices such as automated infrastructure build pipelines, in other words CI/CD and using version controlled manifests such as GitHub to make it easier to control cloud deployments. The benefits of DevSecOps is the ability to have your software and infrastructure quality requirements into the release lifecycle, so this way your team can save time by not having to manually review code, in turn allowing them to focus more on the shipping features

By leveraging DevOps foundations, security and development teams can build security scanning and policy enforcement into automated pipelines. The ultimate goal with DevSecOps is to “shift cloud security left.” That means automating it and embedding it earlier into the development lifecycle so that actions can be taken earlier. Proactively preventing risky deployments avoids slowing down development teams with deployment rollbacks and disruptive fixes later in the software development lifecycle.

RPrasadi_0-1640820142807.png

 

What Is Bridgecrew?

The Bridgecrew by Prisma Cloud platform automates security engineering, allowing teams to identify and fix misconfigurations in run-time and build-time automatically. And the best part, you can access your IaC scans and repositories right from the Prisma Cloud UI. Below are some of the highlights and features behind Bridgecrew and what this acquisition means to you and your organization. 

Automate Manual Security Tasks

Bridgecrew is making it easier for security practitioners to work closely with development and operations teams to securely grow from initial migration through day-to-day management.

Fix Broken and Vulnerable Infrastructure

Bridgecrew automates the actions required to find and fix misconfigurations.

Prevent Developer Configuration Errors

Bridgecrew makes sure development teams adhere to best practices that ensure cloud infrastructure security, compliance, and scalability.

RPrasadi_1-1640820142666.png

 



Embedding Infrastructure Security Throughout the DevOps Lifecycle

 

RPrasadi_2-1640820142778.png

 

Find cloud misconfigurations and security errors

  • Powered by open source and community
  • Both build-time and run-time

Fix Broken and Vulnerable Infrastructure

  • Merge-ready pull requests
  • Transform cloud misconfigurations into secure code and detect drift

Prevent Developer Configuration Errors

  • Enforce policy-as-code across all configurations
  • Streamlined into developer workflows

 

How To Integrate GitHub

Now that you are a bit more familiar with Bridgecrew, let's walk you through the process of integrating your GitHub repository within the Prisma Cloud platform. Integrating Github allows Bridgecrew Cloud to:

  • Include your Infrastructure-as-Code files in daily scans
  • Scan changed resources in Infrastructure-as-Code files for every new build generated, (before it is merged to the main branch) and provide an actionable view of the results via GitHub checks
  • Display compliance badges for your repositories 
  • Open Pull Requests when you Remediate build time Incidents in your main branch 




 

Step 1: 

 

To get started, head over to Settings > Repositories. Here you will see all your integrations once you have completed steps 2 and onward. Any code repository or CI/CD Systems you add

RPrasadi_3-1640820142783.png

 

will show up on this page. 

 

 

Step 2: 

 

Select GitHub. Once you click Add Repository, you will be greeted with a page that shows all the different integration options available to you. For example, you have the option to integrate your CI/CD Systems such as Jenkins or another type of Code Repository such as BitBucket. Each one is very straight forward as our UI walks you through the steps. For this blog we will focus on the GitHub integration.  

RPrasadi_4-1640820142780.png

 

 

Step 3:

Configure your account by choosing a GitHub organization. A GitHub Settings page will open. 

 

RPrasadi_5-1640820142722.png

 

Step 4: 

 

Login to GitHub and select all the repositories you want for IaC scanning and hit save.

 

RPrasadi_6-1640820142721.png

 

 

Step 5: 

 

Once you hit save you will be redirected to the Prisma Cloud console. From here select the repository and hit next. When the message "New account successfully configured" appears, select Done.

RPrasadi_7-1640820142673.png

 

RPrasadi_8-1640820142698.png

 



Once you have successfully integrated GitHub, navigate to the Code tab in Prisma Cloud, and at the top you will see a drop down and in that drop down list you will see your GitHub repository. From here you will be able to see any misconfigurations in your repository, details, and the ability to suppress or fix these issues. 

RPrasadi_9-1640820142782.png

 

 

My favorite part about all of this is how easy and seamless the integrations are and how easy it is to fix my misconfigurations, being able to do all of that right from the Prisma Cloud console. For DevSecOps to be successful for teams working to build and secure infrastructure, embracing existing tools and workflows is critical. We are committed to making it as simple, effective, and painless as possible to automate cloud security and integrate it seamlessly into release lifecycles.

 

This post was written by Priyank Patel (@pripatel).

 

 

RPrasadi_10-1640820142926.png

 

Register or Sign-in
Labels