What is Changing for CI/CD Plugins?


By Grant Voss, Customer Success Engineer

 

The latest acquisition of Bridgecrew is going to bring a lot of great things for our customers, primarily in the "Shift-Left" categories, where it will help solidify the same great features that Prisma Cloud provides, but with broader and more refined use. Because of this, some of the CI/CD plugins that Prisma Cloud currently uses will be either replaced or modified.

 

Prisma Cloud Plugins

 

Prisma Cloud plugins enable you to check your DevOps infrastructure as code (IaC) templates for security misconfigurations, scan container images to proactively identify vulnerabilities, scan code dependencies for vulnerabilities and license issues, and detect exposed secrets.

 

The plugins, or extensions as they are called in some environments, scan your templates against Prisma Cloud IaC policies to ensure compliance with security best practices before you deploy them into the cloud infrastructure. These plugins enable you to stay secure while being agile because they make it easy to scan your files, review any potential security issues, and fix and validate code before you check it into your source control repository or integrate it into your CI/CD pipeline.

 

The IaC functionality present in the product today will be replaced by a Prisma "cloud application security" (CAS) module that delivers Bridgecrew integration in the Prisma Cloud Enterprise Edition. The Prisma "cloud application security" (CAS) module is available now as a Prisma Cloud Enterprise Edition subscription and integration, and can be enabled in Prisma Cloud under 'Settings' > 'Providers'.

 

Here is a list of the current Prisma Cloud plugins and what will be changing:

 

| INTEGRATION | CATEGORY | MARKETPLACE | WHAT IS CHANGING |
|---|---|---|---|
| AWS DevOps | CI/CD | GitHub repository | Switch to the Prisma "cloud application security" (CAS) module |
| Azure DevOps | CI/CD | Azure Visual Studio Marketplace | Switch to the Prisma "cloud application security" (CAS) module |
| Bitbucket | SCM and CI/CD | | Switch to the Prisma "cloud application security" (CAS) module |
| CircleCI | CI/CD | Circle CI Orb Registry | Switch to the Prisma "cloud application security" (CAS) module |
| GitHub | SCM | GitHub Marketplace | Switch to the Prisma "cloud application security" (CAS) module |
| GitHub Actions | CI/CD | GitHub Marketplace | Switch to the Prisma "cloud application security" (CAS) module |
| GitLab | SCM and CI/CD | | Switch to the Prisma "cloud application security" (CAS) module |
| IntelliJ IDEA | IDE | Intellij Marketplace | Switch to the Prisma "cloud application security" (CAS) module |
| Jenkins | CI/CD | Get the plugin from the Prisma Cloud administrative console (Compute > Manage > System > Downloads) | Switch to the Prisma "cloud application security" (CAS) module |
| | | Jenkins Marketplace | Switch to the Prisma "cloud application security" (CAS) module |
| Visual Studio Code | IDE | VS Code Marketplace; IDE Documentation | Switch to the Prisma "cloud application security" (CAS) module |

Figure 1: Prisma Cloud Integrations_PaloAltoNetworks

 

IaC Scanning

Additionally, because the Prisma "cloud application security" (CAS) module will "replace" the legacy IaC service available in the product, we recommend that customers look into Checkov, an open-source command line interface (CLI) utility that includes more than 750 predefined policies and supports custom policies. I will provide the links at the bottom of the page for your reference. Another great thing about this tool is that it integrates nicely with some existing CI/CD providers, like:

 
 


Figure 2: CI/CD Providers_PaloAltoNetworks

 

In addition to integrating with your code repository, Checkov can also integrate with your automated build pipeline via CI/CD providers. When your build tests run, Checkov will scan your infrastructure as code files for misconfigurations and you can review the output directly in your CI pipeline.
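
As an added example (not from the original post, Palo Alto Networks or the Checkov project): a small build gate that reads a Checkov JSON report, such as one written by `checkov -d . -o json`, and decides whether the pipeline step should fail. The report field names are assumed from Checkov's JSON output, the sample report is constructed, and `gate` and `exit_code` are hypothetical helper names.

```python
import json
import sys

# Constructed sample, shaped like a single-framework Checkov JSON report.
# Field names are assumed from Checkov's JSON output; all values are made up.
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {"failed_checks": [
        {"check_id": "CKV_AWS_20", "resource": "aws_s3_bucket.assets",
         "file_path": "/s3.tf", "file_line_range": [1, 9]},
        {"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.assets",
         "file_path": "/s3.tf", "file_line_range": [1, 9]},
    ]},
    "summary": {"passed": 14, "failed": 2, "skipped": 0, "parsing_errors": 1},
})


def gate(report_text, accepted=frozenset()):
    """Return (blocking_findings, parsing_errors) for a Checkov JSON report.

    `accepted` holds check IDs the team has explicitly risk-accepted.
    """
    data = json.loads(report_text)
    # Assumed: one scanned framework gives one object, several give a list.
    reports = data if isinstance(data, list) else [data]
    blocking, parsing_errors = [], 0
    for report in reports:
        # Files that could not be parsed were never evaluated, so count them.
        parsing_errors += report.get("summary", {}).get("parsing_errors", 0)
        for check in report.get("results", {}).get("failed_checks", []):
            if check["check_id"] not in accepted:
                start, end = check["file_line_range"]
                blocking.append(f'{check["check_id"]} {check["resource"]} '
                                f'{check["file_path"]}:{start}-{end}')
    return blocking, parsing_errors


def exit_code(blocking, parsing_errors):
    """Fail the build on unaccepted findings or on unparsed (unscanned) files."""
    return 1 if blocking or parsing_errors else 0


if __name__ == "__main__":
    # Usage (hypothetical file name): python checkov_gate.py report.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    findings, errors = gate(text)
    print("\n".join(findings) or "no blocking findings")
    print(f"parsing errors: {errors}")
    sys.exit(exit_code(findings, errors))
```

Treating parsing errors as a failure keeps a template that could not be read from passing the gate with zero findings.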

 

 

References

 

https://www.checkov.io/

https://www.checkov.io/1.Welcome/Feature%20Descriptions.html#integrating-with-cicd
