Prisma Cloud CI/CD run for Github action

dergin.tiritoglu · ‎11-11-2024

I am trying to setup a Prisma Cloud CI/CD run integration with Github action to do security scanning and show results on Prisma Cloud.

as per instruction. I have setup and API key. Followed the wizard, Connecdt Provider, code & build providers, chose GitHub Actions.

Setup the GitHub Action with configuration described on the wizard. I have setup an environment secret for the github action as follow.

Variable: BC_API_KEY

For the value PRISMA_ACCESS_KEY::PRISMA_SECRET_KEY

I have replaced the PRISMA_ACCESS_KEY with access key ID of the API key and PRISMA_SECRET_KEY with the Secret Key of the API key

so my variable on Github action is like

BC_API_KEY

Value: 4cxxxxxx-4xxxxxxx-7xxxxxxx:: 23xxxxxxxxx

github actions runs just fine but nothing appears on Prisma Cloud under CiCD Runs.

Any idea? The github action yaml file pretty standard one as below.

name: Prisma Cloud IaC Scan

on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '16 19 * * 0'

permissions:
contents: read

jobs:
prisma_cloud_iac_scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
name: Run Prisma Cloud IaC Scan to check
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Run Prisma Cloud
id: prisma-cloud
uses: bridgecrewio/checkov-action@master
env:
PRISMA_API_URL: https://api.eu.prismacloud.io
with:
api-key: ${{ secrets.BC_API_KEY }}

LMegrelis · ‎11-13-2024

To troubleshoot the missing Prisma Cloud CI/CD scan results despite a successful GitHub Actions workflow, please verify the following:

Prisma Cloud Access Key Configuration: Ensure your Prisma Cloud access key is correctly configured as a GitHub secret named
PRISMA_ACCESS_KEY
and PRISMA_SECRET_KEY
containing the Key ID and Secret, respectively. The format should be
PRISMA_ACCESS_KEY::PRISMA_SECRET_KEY
Checkov Action Configuration: Double-check that your
checkov-action
within the GitHub Actions workflow correctly uses the environment secret. The api-key parameter should reference the secret using the syntax ${{ secrets.PRISMA_ACCESS_KEY }}. Also, ensure the PRISMA_API_URL is correctly set to the appropriate URL for your Prisma Cloud environment (e.g.,
https://api2.prismacloud.io
Allow List Configuration: Verify that the Prisma Cloud IP addresses and hostname for Application Security are added to your GitHub Actions allow list to enable access to the Prisma Cloud console.
Administrator Permissions: Confirm that the Prisma user associated with the access key has Administrator permissions in Prisma Cloud.
GitHub Actions Workflow Trigger: Ensure your GitHub Actions workflow is correctly triggered and runs successfully. Check the workflow logs for any errors.
Prisma Cloud Console Verification: After running the workflow, wait up to three minutes for the status to update in the Prisma Cloud console. Navigate to Home > Settings > CI/CD Runs to check for your integrated GitHub Actions repositories. If the repository is not listed, check the Prisma Cloud logs for any errors.
Checkov Action Version: Use the latest version of the bridgecrewio/checkov-actionto ensure compatibility and access to the latest features and bug fixes.

If the issue persists after verifying these steps, please contact Palo Alto Networks support for further assistance.

Unlock your full community experience!

Prisma Cloud CI/CD run for Github action

Prisma Cloud CI/CD run for Github action

Show your appreciation!