We at Palo Alto Networks are very excited about our newest acquisition and the leader in IaC and DevSecOps security - Bridgecrew. While the new Cloud code security module will "replace" the legacy IaC service available in the product, we are still focused primarily on shift-left technologies, so we will still have the great features as before but with a more refined process .You are probably wondering what this means for you, and I will highlight the features of Bridgecrew and how to integrate your GitHub repository within Bridgecrew.
What is DevSecOps?
Before we dive right into Bridgecrew, some of you may be wondering, “what is DevSecOps?” DevSecOps lies in the DevOps movement, where the development and operations merge into one process to make deployments faster, safer, and repeatable. This can include practices such as automated infrastructure build pipelines, in other words CI/CD and using version controlled manifests such as GitHub to make it easier to control cloud deployments. The benefits of DevSecOps is the ability to have your software and infrastructure quality requirements into the release lifecycle, so this way your team can save time by not having to manually review code, in turn allowing them to focus more on the shipping features.
By leveraging DevOps foundations, security and development teams can build security scanning and policy enforcement into automated pipelines. The ultimate goal with DevSecOps is to “shift cloud security left.” That means automating it and embedding it earlier into the development lifecycle so that actions can be taken earlier. Proactively preventing risky deployments avoids slowing down development teams with deployment rollbacks and disruptive fixes later in the software development lifecycle.
Figure 1: Bridgecrew_palo-alto-networks
What Is Bridgecrew?
The Bridgecrew by Prisma Cloud platform automates security engineering, allowing teams to identify and fix misconfigurations in run-time and build-time automatically. And the best part, you can access your IaC scans and repositories right from the Prisma Cloud UI. Below are some of the highlights and features behind Bridgecrew and what this acquisition means to you and your organization.
Bridgecrew is making it easier for security practitioners to work closely with development and operations teams to securely grow from initial migration through day-to-day management.
Bridgecrew automates the actions required to find and fix misconfigurations.
Bridgecrew makes sure development teams adhere to best practices that ensure cloud infrastructure security, compliance, and scalability.
Figure 2: Lifecycle_palo-alto-networks
Embedding Infrastructure Security Throughout the DevOps Lifecycle
Figure 3: Embedding Lifecycle_palo-alto-networks
Now that you are a bit more familiar with Bridgecrew, let's walk you through the process of integrating your GitHub repository within the Prisma Cloud platform. Integrating Github allows Bridgecrew Cloud to:
Step 1:
To get started, head over to Settings >Code Repositories. Here you will see all your integrations once you have completed steps 2 and onward. Any code repository or CI/CD Systems you add will show up on this page.
Figure 4: Code Repositories_palo-alto-networks
Step 2:
In the top right select Connect Provider > Code and Build provider. Select GitHub. Once you click Add Repository, you will be greeted with a page that shows all the different integration options available to you. For example, you have the option to integrate your CI/CD Systems such as Jenkins or another type of Code Repository such as BitBucket. Each one is very straight forward as our UI walks you through the steps. For this blog we will focus on the GitHub integration.
Figure 5: Connect Providers_palo-alto-networks
Step 3:
Configure your account by choosing a GitHub organization. A GitHub Settings page will open.
Figure 6: Configure Account_palo-alto-networks
Step 4:
Login to GitHub and select all the repositories you want for IaC scanning and hit save.
Figure 7: IaC_palo-alto-networks
Step 5:
Once you hit save you will be redirected to the Prisma Cloud console. From here select the repository and hit next. When the message "New account successfully configured" appears, select Done.
Figure 8: Integrate Github_palo-alto-networks
Figure 9: Integrate Status_palo-alto-networks
Once you have successfully integrated GitHub, navigate to the Code tab in Prisma Cloud, and at the top you will see a drop down and in that drop down list you will see your GitHub repository. From here you will be able to see any misconfigurations in your repository, details, and the ability to suppress or fix these issues.
Figure 10: Code Tab_palo-alto-networks
My favorite part about all of this is how easy and seamless the integrations are and how easy it is to fix my misconfigurations, being able to do all of that right from the Prisma Cloud console. For DevSecOps to be successful for teams working to build and secure infrastructure, embracing existing tools and workflows is critical. We are committed to making it as simple, effective, and painless as possible to automate cloud security and integrate it seamlessly into release lifecycles.
This post was written by Priyank Patel (@pripatel).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| Subject | Likes |
|---|---|
| 3 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
| User | Likes Count |
|---|---|
| 9 | |
| 4 | |
| 3 | |
| 2 | |
| 2 |
