
Prisma Cloud Scan CI/CD Pipeline Jenkins and Code Repo Github


1 hour 45 minutes 1 credit

This lab was developed with our partner, Palo Alto Networks. Your personal information may be shared with Palo Alto Networks, the lab sponsor, if you have opted in to receive product updates, announcements, and offers in your Account Profile.

GSP830

Google Cloud Self-Paced Labs

Overview

Most modern organizations realize the value of shifting security left in the development lifecycle — especially as applications are becoming collections of microservices and functions, and everything is getting defined as code. Developers use a vast array of tools to build and deploy cloud native applications, and operationalizing security controls that work seamlessly across these tools remains a challenge. Prisma Cloud enables you to check your DevOps infrastructure templates for security misconfigurations and scan container images to proactively prevent issues by shifting left.

Prisma Cloud provides a Jenkins plugin that lets you incorporate vulnerability and compliance scanning into your continuous integration pipeline. The plugin scans container images and serverless functions. Prisma Cloud can pass or fail builds, depending on the types of issues discovered, and the policies set in Console. By incorporating scanning into the build phase of the development workflow, developers get immediate feedback about what needs to be fixed. The scan report provides all the information required to fix the vulnerabilities.

Prisma Cloud can scan GitHub repositories and identify vulnerabilities in your software's dependencies. Modern apps are increasingly composed of external, open source dependencies, so it's important to give developers tools to assess those components early in the development lifecycle. Repository scanning gives you early insight into the software as it's being developed, and long before apps are packaged (e.g. as a container) and deployed by CI/CD pipelines. Currently, Prisma Cloud supports Python, Java, and JavaScript (Node.js).

In this lab you will use Prisma Cloud Compute to scan an image for vulnerabilities and compliance issues at build time within Jenkins on a Google Kubernetes Engine (GKE) cluster, and to scan your GitHub code repository for vulnerabilities and compliance issues.

What you'll do in the lab:

Deploy Prisma Cloud Compute

  • Deploy Prisma Cloud Compute on the GKE Cluster

Securing CI/CD Pipeline - Jenkins

  • Download the Prisma Cloud Compute Jenkins plugin
  • Set up a Jenkins deployment
  • Install the Prisma Cloud Compute Jenkins plugin
  • Build and scan an image in the pipeline
  • View the scan results
  • Change the vulnerability threshold and observe the change in the scan result

Scan Code Repo - GitHub

  • Prepare GitHub
  • Add GitHub credentials
  • Fork private repositories with key vulnerabilities
  • Generate a GitHub access token and set up a webhook in advance
  • Onboard repositories that have vulnerabilities
  • Set up a vulnerability rule
  • Review the details of vulnerabilities detected
  • Commit code with a new vulnerability and detect it in the repository
