CI/CD Security

Cloud attacks frequently target CI/CD pipelines and the software supply chain, exposing organizations to code injection, credential theft, data exfiltration and intellectual property theft. Organizations must respond by implementing new security practices. Security issues mapped to the OWASP Top 10 identify attack vectors and provide guidance on how to address CI/CD security.

• Get visibility into your software supply chain security posture.

  Identify missing branch protection rules, insecure pipeline configurations and potential for poisoned pipelines, with native controls to proactively prevent attacks.

• Run a graph-based attack path analysis of the many resources impacting your pipelines.

  Software pipelines are multidimensional, with many tools, internal and external resources that must all be secured to prevent attacks.

• Harden your delivery pipelines.

  Backed by the world’s best CI/CD security researchers, Prisma Cloud helps teams adopt critical security guardrails to harden their pipelines over time. These guardrails ensure that bad actors can’t leverage CI/CD pipeline weaknesses to reach production environments or run malicious code.

• Identify credentials exposed in pipelines.

  Find cleartext credentials in webhooks and pipeline logs that could be stolen and abused.

• Create and enforce custom policies throughout the software development lifecycle.

  Integrate vulnerability management to scan repositories, registries, CI/CD pipelines and runtime environments.

The only way to prevent insecure code from reaching production is to scan every code artifact, dependency, and ensure the delivery pipeline is effectively protected. CI/CD Security is just one application security use case that’s a part of Prisma Cloud’s cloud-native application protection platform (CNAPP).

• Identify risks in code as developers are building and testing software.

  Check packages and images for vulnerabilities and compliance issues across repositories like GitHub and registries such as Docker, Quay, Artifactory and others.

• Lock down deployments to only vetted images and templates.

  Leverage Prisma Cloud code scanning and container sandbox analysis to identify and block malicious code and apps from reaching production.

• Capture detailed forensics of every audit or security incident.

  Automatically and securely gather forensics details in a powerful timeline view to enable incident response. You can view data in Prisma Cloud or send it to other systems for deeper analysis.

• Prevent risky activity across any runtime environment.

  Manage runtime policies from a centralized console to ensure security is always present as part of every deployment.Mapping of incidents to the MITRE ATT&CK® framework, along with detailed forensics and rich metadata, helps SOC teams track threats for ephemeral cloud-native workloads.

• Context-aware security.

  Detect and prevent misconfigurations and vulnerabilities that lead to data breaches and compliance violations in runtime with complete cloud developer inventory, configuration assessments, automated remediations and more.