Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

What is Changing for CI/CD Plugins?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
L4 Transporter

prisma-cloud-ci-cd_LIVEcommunity.jpg

 

By Grant Voss, Customer Success Engineer

 

The latest acquisition of Bridgecrew is going to bring a lot of great things for our customers. Primarily in the “Shift-Left” categories which will help solidify those same great features that Prisma Cloud provides, but with a broader and more refined use. Because of this, there will be some CI/CD Plugins that Prisma Cloud currently uses that will either be replaced or modified. 

 

Prisma Cloud Plugins

 

Prisma Cloud plugins enable you to check your DevOps infrastructure as code (IaC) templates for security misconfigurations, scan container images to proactively vulnerabilities, scan code dependencies for vulnerabilities and license issues, as well as detect exposed secrets.

 

The plugins or extensions as called on some environments, scan your templates against Prisma Cloud IaC policies to ensure compliance with security best practices before you deploy it into the cloud infrastructure. These plugins enable you to stay secure while being agile because they make it easy to scan your files, review any potential security issues, fix and validate code before you check it into your source control repository or integrate it in your CI/CD pipeline.

 

IaC functionality present in the product today will be replaced by a Prisma "cloud application security" (CAS) module that delivers Bridgecrew integration in the Prisma Cloud Enterprise Edition.  The Prisma "cloud application security" (CAS) module is available now as a Prisma Cloud Enterprise Edition subscription and integration, can be enabled in Prisma Cloud under’ Settings’ > ‘Providers’.

 

Here is a list of the current Prisma Cloud Plugins and what will be changing 

 

INTEGRATION

CATEGORY

MARKETPLACE

WHAT IS CHANGING

AWS DevOps

RPrasadi_14-1643330846677.png

 

CI/CD

GitHub repository

Switch to the Prisma "cloud application security" (CAS) module

Azure DevOps

RPrasadi_15-1643330846679.png

 

CI/CD

Azure Visual Studio Marketplace

Switch to the Prisma "cloud application security" (CAS) module

Bitbucket

RPrasadi_16-1643330846686.gif

 

SCM and CI/CD

 

Switch to the Prisma "cloud application security" (CAS) module

CircleCI

RPrasadi_17-1643330846685.png

 

CI/CD

Circle CI Orb Registry

Switch to the Prisma "cloud application security" (CAS) module

GitHub

RPrasadi_18-1643330846687.png

 

SCM

GitHub Marketplace

Switch to the Prisma "cloud application security" (CAS) module

GitHub Actions

RPrasadi_19-1643330846762.png

 

CI/CD

GitHub Marketplace

Switch to the Prisma "cloud application security" (CAS) module

GitLab

RPrasadi_20-1643330846709.png

 

SCM and CI/CD

Switch to the Prisma "cloud application security" (CAS) module

IntelliJ IDEA

RPrasadi_21-1643330846693.png

 

IDE

Intellij Marketplace

Switch to the Prisma "cloud application security" (CAS) module

Jenkins

RPrasadi_22-1643330846698.png

 

CI/CD

Get the plugin from the Prisma Cloud administrative console ( Compute> Manage > System > Downloads)

Switch to the Prisma "cloud application security" (CAS) module

 

Jenkins Marketplace

Switch to the Prisma "cloud application security" (CAS) module

Visual Studio Code

RPrasadi_23-1643330846693.png

 

IDE

VS Code Marketplace

IDE Documentation

Switch to the Prisma "cloud application security" (CAS) module

Figure 1: Prisma Cloud Integrations_PaloAltoNetworks

 

IAC Scanning

 

Additionally, with the Prisma "cloud application security" (CAS) module will "replace" the legacy IaC service available in the product, we’re recommending customers to look into Checkov,  an open-source command line interface (CLI) utility that includes more than 750 predefined policies and supports custom policies. I will provide the links at the bottom of the page for your reference but other great things with this tool is that it integrates nicely with some existing CI/CD providers, like:

 
 

unnamed.png

Figure 2: CI/CD Providers_PaloAltoNetworks

 

In addition to integrating with your code repository, Checkov can also integrate with your automated build pipeline via CI/CD providers. When your build tests run, Checkov will scan your infrastructure as code files for misconfigurations and you can review the output directly in your CI pipeline.

 

 

References

 

https://www.checkov.io/

https://www.checkov.io/1.Welcome/Feature%20Descriptions.html#integrating-with-cicd

About The Author

 

RPrasadi_25-1643330846699.png

  • 3398 Views
  • 0 comments
  • 5 Likes
Register or Sign-in
Labels
Top Liked Authors