Prisma Cloud CI/CD run for Github action

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Prisma Cloud CI/CD run for Github action

I am trying to setup a Prisma Cloud CI/CD run integration with Github action to do security scanning and show results on Prisma Cloud.

as per instruction. I have setup and API key. Followed the wizard, Connecdt Provider, code & build providers, chose GitHub Actions.

 

Setup the GitHub Action with configuration described on the wizard. I have setup an environment secret for the github action as follow.

 

Variable: BC_API_KEY

 

For the value PRISMA_ACCESS_KEY::PRISMA_SECRET_KEY

I have replaced the PRISMA_ACCESS_KEY with access key ID of the API key and PRISMA_SECRET_KEY with the Secret Key of the API key

 

so my variable on Github action is like

 

 

BC_API_KEY

Value: 4cxxxxxx-4xxxxxxx-7xxxxxxx:: 23xxxxxxxxx

 

github actions runs just fine but nothing appears on Prisma Cloud under CiCD Runs.

 

Any idea? The github action yaml file pretty standard one as below.

 


name: Prisma Cloud IaC Scan

on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '16 19 * * 0'

permissions:
contents: read

jobs:
prisma_cloud_iac_scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
name: Run Prisma Cloud IaC Scan to check
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Run Prisma Cloud
id: prisma-cloud
uses: bridgecrewio/checkov-action@master
env:
PRISMA_API_URL: https://api.eu.prismacloud.io
with:
api-key: ${{ secrets.BC_API_KEY }}

 

 

 

 

 

1 REPLY 1

L2 Linker

To troubleshoot the missing Prisma Cloud CI/CD scan results despite a successful GitHub Actions workflow, please verify the following:

  • Prisma Cloud Access Key Configuration: Ensure your Prisma Cloud access key is correctly configured as a GitHub secret named
    PRISMA_ACCESS_KEY
    and PRISMA_SECRET_KEY
    containing the Key ID and Secret, respectively. The format should be
    PRISMA_ACCESS_KEY::PRISMA_SECRET_KEY
  • Checkov Action Configuration: Double-check that your
    checkov-action
    within the GitHub Actions workflow correctly uses the environment secret. The api-key parameter should reference the secret using the syntax ${{ secrets.PRISMA_ACCESS_KEY }}. Also, ensure the PRISMA_API_URL is correctly set to the appropriate URL for your Prisma Cloud environment (e.g.,
  • Allow List Configuration: Verify that the Prisma Cloud IP addresses and hostname for Application Security are added to your GitHub Actions allow list to enable access to the Prisma Cloud console.
  • Administrator Permissions: Confirm that the Prisma user associated with the access key has Administrator permissions in Prisma Cloud.
  • GitHub Actions Workflow Trigger: Ensure your GitHub Actions workflow is correctly triggered and runs successfully. Check the workflow logs for any errors.
  • Prisma Cloud Console Verification: After running the workflow, wait up to three minutes for the status to update in the Prisma Cloud console. Navigate to Home > Settings > CI/CD Runs to check for your integrated GitHub Actions repositories. If the repository is not listed, check the Prisma Cloud logs for any errors.
  • Checkov Action Version: Use the latest version of the bridgecrewio/checkov-actionto ensure compatibility and access to the latest features and bug fixes.

If the issue persists after verifying these steps, please contact Palo Alto Networks support for further assistance.

  • 415 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!