The recent acquisition of Bridgecrew by Palo Alto Networks will bring a lot of great things to Prisma Cloud customers, primarily in the "shift-left" categories. It builds on the same features Prisma Cloud already provides, but with broader and more refined coverage. As a result, some of the CI/CD plugins Prisma Cloud currently offers will be replaced or modified.
Prisma Cloud Plugins
Prisma Cloud plugins let you check your DevOps infrastructure templates for security misconfigurations and scan container images, so that issues are caught before deployment rather than after (shifting left).
The plugins (called extensions in some environments) scan your templates against Prisma Cloud IaC policies to ensure compliance with security best practices before you deploy to cloud infrastructure. They let you stay secure while remaining agile: you can scan your files, review any potential security issues, and fix and validate the code before you check it into your source control repository or integrate it into your CI/CD pipeline.
The IaC functionality present in the product today will be replaced by the Prisma "cloud code security" (CCS) module, which delivers the Bridgecrew integration in Prisma Cloud. Existing IaC customers who have run at least 10 scans in the last 45 days will have until March 31, 2022 to switch to the CCS module. The module is available now and can be enabled in Prisma Cloud under 'Settings' > 'Repositories'.
Here is a list of the current Prisma Cloud plugins and what will be changing:
Switch to the Prisma "cloud code security" (CCS) module
Additionally, since the Prisma "cloud code security" (CCS) module will replace the legacy IaC service in the product, we recommend that customers look into Checkov, an open-source command line interface (CLI) utility that ships with more than 750 predefined policies and supports custom policies. I will provide links at the bottom of the page for reference, but another great thing about this tool is that it integrates nicely with many existing CI/CD providers.
In addition to integrating with your code repository, Checkov can also integrate with your automated build pipeline via CI/CD providers. When your build tests run, Checkov scans your infrastructure-as-code files for misconfigurations, and you can review the output directly in your CI pipeline. One thing to plan for: by default Checkov exits non-zero when any check fails, which blocks the build outright; `--soft-fail` reports without failing the job, and `--check` / `--skip-check` narrow the policy set if you want to ramp up enforcement gradually.
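As an added example (not code from the original post, from Checkov or from Prisma Cloud) of what "review the output directly in your CI pipeline" can look like in practice, the script below reads Checkov's `-o json` report and applies a team-chosen gate: a short list of check IDs blocks the build, everything else is printed as a warning, and a template Checkov could not parse also blocks, because it was never actually scanned. The `./infra` path, the `checkov.json` file name, the `BLOCKING_CHECKS` set and the sample report are all assumptions constructed for this example; the JSON layout follows Checkov's `-o json` output as I understand it, so verify it against the version you run.

```python
"""Gate a CI job on Checkov's JSON report.

Added example for this post, not Checkov's or Prisma Cloud's own code.
Assumed pipeline step (./infra and checkov.json are assumptions):

    checkov -d ./infra --framework terraform --soft-fail -o json > checkov.json
    python checkov_gate.py checkov.json

--soft-fail keeps Checkov's own exit code at 0 so the gate below decides what
blocks the merge. The report layout mirrors Checkov's -o json output as I
know it; the report content itself is constructed, not a real scan result.
"""
import json
import sys

# Hypothetical team policy: these check IDs block the build, all other failed
# checks are reported as warnings.
BLOCKING_CHECKS = {"CKV_AWS_24"}  # security group open to 0.0.0.0/0 on port 22

# Constructed sample report (not a real scan result).
SAMPLE_REPORT = {
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_AWS_19",
             "check_name": "Ensure all data stored in the S3 bucket is securely encrypted at rest",
             "resource": "aws_s3_bucket.logs", "file_path": "/s3.tf", "file_line_range": [1, 9]},
        ],
        "failed_checks": [
            {"check_id": "CKV_AWS_18",
             "check_name": "Ensure the S3 bucket has access logging enabled",
             "resource": "aws_s3_bucket.logs", "file_path": "/s3.tf", "file_line_range": [1, 9]},
            {"check_id": "CKV_AWS_24",
             "check_name": "Ensure no security groups allow ingress from 0.0.0.0:0 to port 22",
             "resource": "aws_security_group.bastion", "file_path": "/sg.tf", "file_line_range": [12, 30]},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0, "parsing_errors": 0, "resource_count": 2},
}


def format_finding(check):
    """One line per finding: check id, file:lines, resource, policy name."""
    lo, hi = check["file_line_range"]
    return f"{check['check_id']} {check['file_path']}:{lo}-{hi} {check['resource']} - {check['check_name']}"


def triage(report, blocking=BLOCKING_CHECKS):
    """Split failed checks into blocking findings and warnings and pick an exit code.

    Parsing errors block too: a template that did not parse was never scanned,
    so a clean report says nothing about it.
    """
    results = report["results"]
    failed = results.get("failed_checks", [])
    blocking_found = [c for c in failed if c["check_id"] in blocking]
    warnings = [c for c in failed if c["check_id"] not in blocking]
    parse_errors = results.get("parsing_errors", [])
    exit_code = 1 if blocking_found or parse_errors else 0
    return {"blocking": blocking_found, "warnings": warnings,
            "parsing_errors": parse_errors, "exit_code": exit_code}


def load_reports(path):
    """Read the report file. With one framework Checkov emits a single object,
    with several frameworks a list; normalise to a list either way."""
    with open(path) as fh:
        data = json.load(fh)
    return data if isinstance(data, list) else [data]


def gate(reports, blocking=BLOCKING_CHECKS):
    """Triage every report, print the findings, and return the job's exit code."""
    worst = 0
    for report in reports:
        t = triage(report, blocking)
        for c in t["blocking"]:
            print("BLOCKING   ", format_finding(c))
        for c in t["warnings"]:
            print("WARNING    ", format_finding(c))
        for path in t["parsing_errors"]:
            print("PARSE ERROR", path)
        worst = max(worst, t["exit_code"])
    return worst


if __name__ == "__main__":
    reports = load_reports(sys.argv[1]) if len(sys.argv) > 1 else [SAMPLE_REPORT]
    sys.exit(gate(reports))
```

Run without arguments it triages the embedded sample and exits 1 because of the open SSH security group; point it at a real `checkov.json` to gate an actual job. For simple cases `--check` and `--skip-check` on the Checkov CLI give the same filtering without a script; the script earns its keep when you want warnings to stay visible in the job log while only a few policies fail the build.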