Prisma Cloud Scan CI/CD Pipeline Jenkins and Code Repo Github

search share Join Sign in

Prisma Cloud Scan CI/CD Pipeline Jenkins and Code Repo Github

1 hour 45 minutes 1 Credit

This lab was developed with our partner, Palo Alto Networks. Your personal information may be shared with Palo Alto Networks, the lab sponsor, if you have opted in to receive product updates, announcements, and offers in your Account Profile.


Google Cloud Self-Paced Labs


Most modern organizations realize the value of shifting security left in the development lifecycle — especially as applications are becoming collections of microservices and functions, and everything is getting defined as code. Developers use a vast array of tools to build and deploy cloud native applications, and operationalizing security controls that work seamlessly across these tools remains a challenge. Prisma Cloud enables you to check your DevOps infrastructure templates for security misconfigurations and scan container images to proactively prevent issues by shifting left.

Prisma Cloud provides a Jenkins plugin that lets you incorporate vulnerability and compliance scanning into your continuous integration pipeline. The plugin scans container images and serverless functions. Prisma Cloud can pass or fail builds, depending on the types of issues discovered, and the policies set in Console. By incorporating scanning into the build phase of the development workflow, developers get immediate feedback about what needs to be fixed. The scan report provides all the information required to fix the vulnerabilities.

Prisma Cloud can scan GitHub repositories and identify vulnerabilities in your software's dependencies. Modern apps are increasingly composed of external, open source dependencies, so it's important to give developers tools to assess those components early in the development lifecycle. Repository scanning gives you early insight into the software as it's being developed, and long before apps are packaged (e.g. as a container) and deployed by CI/CD pipelines. Currently, Prisma Cloud supports Python, Java, and JavaScript (Node.js).

In this lab you will use Prisma Cloud Compute to scan an image at build time within Jenkins on a Google Kubernetes Engine (GKE) cluster for vulnerabilities and compliance issues, as well as your Github code repo for vulnerabilities and compliance issues.

What you'll do in the lab:

Deploy Prisma Cloud Compute

  • Deploy Prisma Cloud Compute on the GKE Cluster

Securing CI/CD Pipeline - Jenkins

  • Download the Prisma Cloud Compute Jenkins plugin
  • Setup a Jenkins deployment
  • Install the Prisma Cloud Compute Jenkins plugin
  • Build and Scan an image in the pipeline
  • View the scan results
  • Change the vulnerability threshold and observe the change in the scan result

Scan Code Repo - Github

  • Prepare Github

  • Add GitHub credentials

  • Fork private repositories with key vulnerabilities

  • Generate GitHub access token and setup webhook in advance

  • Onboard repositories that have vulnerabilities

  • Setup a vulnerability rule

  • Review the details of vulnerabilities detected

  • Commit a code with new vulnerability and detect it in the repository

Join Qwiklabs to read the rest of this lab...and more!

  • Get temporary access to the Google Cloud Console.
  • Over 200 labs from beginner to advanced levels.
  • Bite-sized so you can learn at your own pace.
Join to Start This Lab