Code Security

Prisma® Cloud delivers automated security for cloud native infrastructure and applications, integrated with developer tools



Cloud-native application development is fast-paced and complex, and it can be a challenge for security teams to keep up. However, several DevOps best practices present an opportunity to use automation to secure apps and infrastructure from code to cloud™, relieving that pressure.

A single tool for securing code across all modern architectures and software supply chains.

Prisma Cloud embeds comprehensive security across the software development cycle. The platform identifies vulnerabilities, misconfigurations, compliance violations and exposed secrets earlier in the development lifecycle. With scanning support for IaC templates, container images, open source packages and delivery pipelines, Prisma Cloud provides code security backed by an open source community and years of expertise and threat research. With connected visibility and policy controls, engineering teams can secure their full stack without leaving their tools, while security teams can ensure that all deployed code is secure.
  • Support for multiple languages, runtimes and frameworks
  • Consistent controls from build time to runtime
  • Embedded in DevOps tooling
  • Infrastructure as Code (IaC) scanning
  • Software composition analysis (SCA)
  • Secrets scanning
  • Policy as Code
  • OSS license compliance

THE PRISMA CLOUD SOLUTION

Our approach to Code Security

Infrastructure as code scanning

Infrastructure as code presents an opportunity to secure cloud infrastructure in code before it’s ever deployed to production. Prisma Cloud streamlines security throughout the software development lifecycle using automation and by embedding security into workflows in DevOps tooling for Terraform, CloudFormation, Kubernetes, Dockerfile, Serverless and ARM templates.

  • Automate cloud security scanning in code

    Add automated checks for misconfigurations and exposed secrets at every step of the software development lifecycle.

  • Leverage the power of open source and the community

    Checkov, the leading open source policy-as-code tool powering Prisma Cloud Infrastructure as Code Security, is backed by an active community and has been downloaded millions of times.

  • Embed code security feedback directly in developer tools

    Prisma Cloud comes with native integrations for IDEs, VCS, and CI/CD tooling to help developers ship secure code in their existing workflows.

  • Include deep context for misconfigurations

    Prisma Cloud automatically tracks dependencies between IaC resources, as well as the developers who most recently modified them, to improve collaboration in large teams.

  • Provide automated feedback and fixes in code

    Automate pull request comments for misconfigurations, along with automated pull requests, commit fixes and Smart Fixes for the misconfigurations identified.


Software composition analysis

The majority of modern application code is made up of open source dependencies. Lack of awareness of what dependencies are actually in use, and the fear of introducing breaking changes, leads to vulnerabilities going unremediated. Prisma Cloud integrates with developer tools to identify vulnerabilities in open source packages and their full dependency trees with support for flexible and granular bump fixes.

  • Leverage industry-leading sources for complete open source security confidence

    Prisma Cloud scans open source dependencies wherever they are and compares them against public databases like NVD and the Prisma Cloud Intelligence Stream to identify vulnerabilities.

  • Identify vulnerabilities at any dependency depth and in context

    Prisma Cloud ingests package manager data to build dependency trees down to the deepest transitive layer, and connects infrastructure and application risks so that remediations can be prioritized faster.

  • Integrate open source security across the development lifecycle

    Surface real-time vulnerability feedback to developers via IDEs and VCS pull/merge requests, and block builds based on vulnerability thresholds to proactively keep your cloud-native environment secure.

  • Fix issues without introducing breaking changes

    Get the recommended smallest update to fix vulnerabilities in direct and transitive dependencies without the risk of breaking critical functions. Fix multiple issues at once with the flexibility of selecting granular versions per package.
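The "smallest update" idea above can be made concrete with a short version-range solver. The code below is an added example, not Prisma Cloud's implementation: it takes a constructed list of registry versions and constructed advisories (labelled `EXAMPLE-ADVISORY-*`, not real identifiers), finds which advisories affect the installed version, and recommends the lowest available version above it that no advisory touches, by default staying within the same major version to avoid a breaking upgrade. Version strings are assumed to be plain dotted integers; pre-release tags are out of scope.

```python
# Constructed package metadata for the example (not real advisories or a real
# package): the versions a registry offers and the affected range per advisory.
AVAILABLE_VERSIONS = ["1.2.0", "1.3.0", "1.4.0", "1.4.1", "1.4.2", "1.5.0", "2.0.0"]
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-1", "affected": ">=1.2.0,<1.4.2"},
    {"id": "EXAMPLE-ADVISORY-2", "affected": "==1.4.2"},
]

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}


def parse_version(version: str) -> tuple:
    """'1.4.2' -> (1, 4, 2); tuples compare component-wise, which is what we need."""
    return tuple(int(part) for part in version.split("."))


def satisfies(version: str, spec: str) -> bool:
    """True if version lies inside every clause of a comma-separated spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        clause = clause.strip()
        # Two-character operators must be tried before their one-character prefixes.
        for op in ("<=", ">=", "==", "!=", "<", ">"):
            if clause.startswith(op):
                if not _OPS[op](v, parse_version(clause[len(op):].strip())):
                    return False
                break
        else:
            raise ValueError(f"unrecognised constraint {clause!r}")
    return True


def advisories_for(version: str, advisories=ADVISORIES) -> list:
    """IDs of the advisories whose affected range contains this version."""
    return [a["id"] for a in advisories if satisfies(version, a["affected"])]


def recommend_fix(current: str, available=AVAILABLE_VERSIONS,
                  advisories=ADVISORIES, same_major: bool = True) -> dict:
    """Report the advisories hitting `current` and the smallest clean upgrade.

    'fix' is None when nothing is affected (no change needed) or when no clean
    version exists within the allowed range (then 'advisories' is non-empty).
    """
    hits = advisories_for(current, advisories)
    if not hits:
        return {"advisories": [], "fix": None}
    cur = parse_version(current)
    # Walk candidates in ascending order so the first clean one is the smallest bump.
    for candidate in sorted(available, key=parse_version):
        cand = parse_version(candidate)
        if cand <= cur:
            continue
        if same_major and cand[0] != cur[0]:
            continue
        if not advisories_for(candidate, advisories):
            return {"advisories": hits, "fix": candidate}
    return {"advisories": hits, "fix": None}


if __name__ == "__main__":
    for installed in ("1.3.0", "1.4.2", "1.5.0"):
        print(installed, recommend_fix(installed))
```

With the constructed data, an installed 1.3.0 is affected by the first advisory and the recommended fix is 1.5.0 rather than 2.0.0: 1.4.0 and 1.4.1 are still in the affected range, 1.4.2 is hit by the second advisory, and 2.0.0 is excluded by the same-major rule.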


Secrets security

It only takes bad actors a minute to find and abuse credentials exposed online. Identify secrets before production using Prisma Cloud. Find and remove secrets in IaC templates and container images in development environments and at build time using signatures and heuristics.

  • Find secrets in nearly any file type

    Identify passwords and tokens in Infrastructure as Code templates, golden images, and Git repository configurations.

  • Surface secrets in developer tools

    Surface hardcoded secrets in code to developers early via IDEs, CLIs, pre-commit and in CI/CD tooling.

  • Multidimensional secrets scanning

    Use regular expressions, keywords or fine-tuned entropy-based identifiers to locate common and uncommon secrets.
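The three detection approaches named above (fixed-format signatures, credential-like variable names and entropy) can be combined in one scanner. The following is an added example written for this page, not Prisma Cloud's detection logic: it runs over a handful of constructed config lines (the AWS key is the publicly documented example key, the GitHub-token-shaped value is made up) and reports which rule fired per line. The signature list, keyword list and the 3.5 bits/character entropy threshold are assumptions to tune for a real corpus.

```python
import math
import re
from collections import Counter

# Constructed sample lines (none are real credentials) in the shape of an IaC
# variables file, a Dockerfile ENV line and a plain config file.
SAMPLE_LINES = [
    'aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"',               # AWS documentation example key
    'db_password = "hunter2"',                                  # keyword hit, low entropy
    'ENV API_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8',    # constructed, GitHub PAT shape
    'image_tag = "v1.2.3"',                                     # benign
    'token = "${var.api_token}"',                               # a reference, not a literal
    'cache_key = "r3q9Zp2LkV8xW4mN7bH1"',                       # no keyword, high entropy
    'banner = "aaaaaaaaaaaaaaaaaaaa"',                          # long but low entropy
]

# Signature rules: credential formats with a fixed prefix and length.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Keyword rule: variable names that usually hold a credential.
KEYWORDS = re.compile(r"(?i)(password|passwd|pwd|secret|token|api_key|access_key|private_key)")

# Generic assignment: NAME = value, NAME: value, ENV NAME=value, export NAME=value.
ASSIGN_RE = re.compile(r"^\s*(?:ENV\s+|export\s+)?([A-Za-z_][A-Za-z0-9_.-]*)\s*[=:]\s*[\"']?([^\"'\s]+)")

ENTROPY_MIN_LENGTH = 16  # shorter values carry too little randomness to judge
ENTROPY_THRESHOLD = 3.5  # bits per character (assumed threshold; tune per corpus)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s; 0.0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_line(line: str) -> list:
    """Names of the rules that fire on one line, sorted for stable output."""
    hits = set()
    for name, pattern in SIGNATURES.items():
        if pattern.search(line):
            hits.add(f"signature:{name}")
    match = ASSIGN_RE.match(line)
    if match:
        var_name, value = match.group(1), match.group(2)
        # Interpolations and variable references are not hardcoded secrets.
        if not value.startswith("${"):
            if KEYWORDS.search(var_name):
                hits.add("keyword")
            elif len(value) >= ENTROPY_MIN_LENGTH and shannon_entropy(value) >= ENTROPY_THRESHOLD:
                hits.add("entropy")
    return sorted(hits)


def scan_lines(lines: list) -> dict:
    """Map 1-based line numbers to the rules that fired; clean lines are omitted."""
    findings = {}
    for number, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            findings[number] = hits
    return findings


if __name__ == "__main__":
    for number, rules in scan_lines(SAMPLE_LINES).items():
        print(f"line {number}: {', '.join(rules)}")
```

Note the two edge cases the sample exercises: a value that is only a reference (`${var.api_token}`) is skipped even though its name matches a keyword, and a long repetitive string is ignored by the entropy rule, while a random-looking value under a neutral name is caught by entropy alone.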


Policy as code

Traditional security testing is performed by separate organizations using separate tools, creating siloed and difficult-to-replicate controls. Prisma Cloud offers policy-as-code to provide controls built into code that can be replicated, version-controlled and tested against live code repositories.

  • Build and control policies using code

    Define, test and version control check-lists, skip-lists and graph-based custom policies in Python and YAML for IaC templates.

  • Deploy and configure accounts and agents in code

    Use Terraform to onboard accounts, deploy agents and configure runtime policies, including ingestion and protection based on OpenAPI and Swagger files.

  • Leverage out of the box and custom policies for misconfigurations

    Prisma Cloud comes out of the box with hundreds of policies built in code and allows you to add custom policies for cloud resources and IaC templates.

  • Provide feedback directly on the code being written

    IaC templates get direct feedback through auto-fixes, pull/merge request comments and pull/merge request auto-fixes.
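To show what "policies built into code that can be replicated, version-controlled and tested" looks like mechanically, here is an added example of a minimal policy-as-code evaluator. It is not Checkov or Prisma Cloud code, and its policy and resource shapes are assumptions chosen for the example: policies are plain data (the same dicts could be stored as YAML), resources are a constructed, already-parsed Terraform-like list, and the engine supports an attribute check, a graph-style connection check (is this bucket referenced by a public-access-block resource?) and per-resource skip-lists.

```python
# Constructed resources in the shape a Terraform parser might produce
# (type, name, attribute map, inline skips). Not real infrastructure.
RESOURCES = [
    {"type": "aws_s3_bucket", "name": "logs",
     "attrs": {"versioning": {"enabled": True}}, "skips": []},
    {"type": "aws_s3_bucket", "name": "uploads",
     "attrs": {}, "skips": ["CUSTOM_S3_2"]},  # inline skip, like a suppression comment
    {"type": "aws_s3_bucket_public_access_block", "name": "logs_block",
     "attrs": {"bucket": "aws_s3_bucket.logs.id", "block_public_acls": True}, "skips": []},
]

# Policies as data; the ids are placeholders for this example.
POLICIES = [
    {"id": "CUSTOM_S3_1", "name": "S3 bucket versioning is enabled",
     "resource_types": ["aws_s3_bucket"], "cond_type": "attribute",
     "attribute": "versioning.enabled", "operator": "equals", "value": True},
    {"id": "CUSTOM_S3_2", "name": "S3 bucket has a public access block",
     "resource_types": ["aws_s3_bucket"], "cond_type": "connection",
     "connected_resource_types": ["aws_s3_bucket_public_access_block"]},
]

MISSING = object()  # sentinel distinguishing "attribute absent" from a falsy value


def get_attr(attrs: dict, path: str):
    """Walk a dotted path such as 'versioning.enabled'; MISSING if any step is absent."""
    node = attrs
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node


def _strings_in(value):
    """Yield every string nested anywhere inside an attribute value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from _strings_in(item)
    elif isinstance(value, list):
        for item in value:
            yield from _strings_in(item)


def resource_id(resource: dict) -> str:
    return f"{resource['type']}.{resource['name']}"


def is_connected(resource: dict, connected_types: list, resources: list) -> bool:
    """True if some resource of a connected type references this one by address."""
    ref = resource_id(resource) + "."  # trailing dot so 'logs' does not match 'logs_archive'
    return any(
        other["type"] in connected_types and any(ref in s for s in _strings_in(other["attrs"]))
        for other in resources
    )


def evaluate_policy(policy: dict, resource: dict, resources: list) -> str:
    """Return PASSED, FAILED or SKIPPED for one policy against one resource."""
    if policy["id"] in resource["skips"]:
        return "SKIPPED"
    if policy["cond_type"] == "attribute":
        actual = get_attr(resource["attrs"], policy["attribute"])
        operator = policy["operator"]
        if operator == "equals":
            ok = actual is not MISSING and actual == policy["value"]
        elif operator == "exists":
            ok = actual is not MISSING
        else:
            raise ValueError(f"unsupported operator {operator!r}")
    elif policy["cond_type"] == "connection":
        ok = is_connected(resource, policy["connected_resource_types"], resources)
    else:
        raise ValueError(f"unsupported cond_type {policy['cond_type']!r}")
    return "PASSED" if ok else "FAILED"


def run_policies(policies: list, resources: list) -> list:
    """Evaluate every policy against every resource of a matching type."""
    return [
        (policy["id"], resource_id(resource), evaluate_policy(policy, resource, resources))
        for policy in policies
        for resource in resources
        if resource["type"] in policy["resource_types"]
    ]


def should_block(results: list) -> bool:
    """A CI gate: block the build if any check failed (skips do not count)."""
    return any(status == "FAILED" for _, _, status in results)


if __name__ == "__main__":
    for policy_id, address, status in run_policies(POLICIES, RESOURCES):
        print(f"{status:8} {policy_id:12} {address}")
```

Because the policies are data, they can be diffed in a pull request and unit-tested with fixture resources exactly like the ones above; the `should_block` gate is where a pipeline would turn results into a pass/fail decision.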


OSS license compliance

Every company has its own acceptable use policies for open source licenses. Don’t wait until a manual compliance review to find out that an open source library isn’t compliant with your requirements. Prisma Cloud catalogs open source licenses for dependencies and can alert or block deployments based on customizable license policies.

  • Avoid costly open source license violations

    Surface feedback early, and block builds based on open source package license violations with support for all the popular languages and package managers.

  • Scan git and non-git repositories for issues

    Prisma Cloud has native integrations with version control systems like GitHub and Bitbucket but can scan any repository type using our command-line tool.

  • Use default rules or customize alerting and blocking

    Set alerting and blocking thresholds by license type to match internal requirements for copyleft and permissive licenses.


Code Security modules

Infrastructure as Code (IaC) Security

Automated IaC security embedded in developer workflows

Software Composition Analysis (SCA)

Highly accurate and context-aware open source security and license compliance

Secrets Security

Full-stack, multidimensional secrets scanning across repos and pipelines.
