Prisma Cloud Scan CI/CD Pipeline Jenkins and Code Repo Github


1 hour 45 minutes, 1 credit

This lab was developed with our partner, Palo Alto Networks. Your personal information may be shared with Palo Alto Networks, the lab sponsor, if you have opted in to receive product updates, announcements, and offers in your Account Profile.

Google Cloud Self-Paced Labs

Most modern organizations realize the value of shifting security left in the development lifecycle — especially as applications are becoming collections of microservices and functions, and everything is getting defined as code. Developers use a vast array of tools to build and deploy cloud native applications, and operationalizing security controls that work seamlessly across these tools remains a challenge. Prisma Cloud enables you to check your DevOps infrastructure templates for security misconfigurations and scan container images to proactively prevent issues by shifting left.

Prisma Cloud provides a Jenkins plugin that lets you incorporate vulnerability and compliance scanning into your continuous integration pipeline. The plugin scans container images and serverless functions. Prisma Cloud can pass or fail builds, depending on the types of issues discovered, and the policies set in Console. By incorporating scanning into the build phase of the development workflow, developers get immediate feedback about what needs to be fixed. The scan report provides all the information required to fix the vulnerabilities.

Prisma Cloud can scan GitHub repositories and identify vulnerabilities in your software's dependencies. Modern apps are increasingly composed of external, open source dependencies, so it's important to give developers tools to assess those components early in the development lifecycle. Repository scanning gives you early insight into the software as it's being developed, and long before apps are packaged (e.g. as a container) and deployed by CI/CD pipelines. Currently, Prisma Cloud supports Python, Java, and JavaScript (Node.js).

In this lab you will use Prisma Cloud Compute to scan an image at build time within Jenkins on a Google Kubernetes Engine (GKE) cluster for vulnerabilities and compliance issues, and to scan your GitHub code repository for vulnerabilities and compliance issues.

What you'll do in the lab:

Deploy Prisma Cloud Compute

  • Deploy Prisma Cloud Compute on the GKE Cluster

Securing CI/CD Pipeline - Jenkins

  • Download the Prisma Cloud Compute Jenkins plugin
  • Set up a Jenkins deployment
  • Install the Prisma Cloud Compute Jenkins plugin
  • Build and Scan an image in the pipeline
  • View the scan results
  • Change the vulnerability threshold and observe the change in the scan result

Scan Code Repo - GitHub

  • Prepare GitHub
  • Add GitHub credentials
  • Fork private repositories with known vulnerabilities
  • Generate a GitHub access token and set up a webhook in advance
  • Onboard repositories that have vulnerabilities
  • Set up a vulnerability rule
  • Review the details of the vulnerabilities detected
  • Commit code containing a new vulnerability and detect it in the repository
