Application Security

Block risks from reaching production
and quickly remediate issues in code.

Application security has reached an inflection point. Organizations are pushing new code to production faster than ever, which allows too many security risks to slip into runtime. Responsibility for security testing is also shifting from security professionals to developers, even though traditional AppSec tools aren’t built with developers in mind. To overcome these challenges, modern AppSec solutions must integrate with development pipelines and code repositories so teams can identify vulnerable components, detect misconfigurations and manage remediation workflows effectively.

A single tool to secure applications across all modern architectures and software supply chains.

Embedding comprehensive security throughout the SDLC makes it easy to identify vulnerabilities, misconfigurations, compliance violations and exposed secrets before they become a problem. Prisma® Cloud consolidates AppSec capabilities — from code to runtime — into a single risk, policy and automation engine. This not only prevents risks from reaching production, it streamlines DevSecOps workflows and provides unparalleled visibility. The result? Engineering teams can secure their entire stack within their existing tools while security teams ensure that all deployed code is fully protected.
  • Support for multiple languages, runtimes and frameworks
  • Consistent controls from build to runtime
  • Embed guided security best practices into DevOps tooling
  • Application Security Posture Management (ASPM)
  • Infrastructure as Code (IaC) security
  • Software composition analysis
  • Software Supply Chain (CI/CD) Security
  • Container image scanning
  • Policy as code
  • Secrets security
  • OSS license compliance

THE PRISMA CLOUD SOLUTION

Our approach to application security

Application Security Posture Management

Prisma Cloud consolidates AppSec tools into a single platform — making it easier to correlate and prioritize risk and apply context-aware security policies across the entire application lifecycle.

  • Single source of truth

    Consolidate AppSec capabilities—from code to runtime—into a single platform to minimize tool console switching and streamline DevSecOps workflows.

  • Comprehensive risk context

    Bring code, pipeline and runtime context together to manage risks based on probability of exploitation and potential business impact.

  • Consistent policy enforcement

    Apply consistent security policy across the SDLC to ensure that security standards are maintained throughout development and deployment.

  • Smart guardrails

    Accelerate secure deployments with agile security guardrails that empower developers to apply best practices throughout the application development lifecycle.

  • Native developer integrations

    Secure applications in existing developer workflows with native integrations for IDEs, VCS and CI/CD tooling.


Infrastructure as code scanning

IaC offers a powerful opportunity to secure cloud environments directly in code, even before deployment to production. Prisma Cloud enhances security across the SDLC by automating processes and embedding security into DevOps workflows, supporting tools like Terraform®, CloudFormation, Kubernetes®, Dockerfiles, serverless frameworks and ARM templates.

  • Automate cloud misconfiguration checks in code

    Integrate automated misconfiguration checks at every stage of the SDLC, ensuring continuous security and compliance.

  • Identify misconfiguration ownership

    Prisma Cloud tracks IaC resource dependencies and identifies recent developer changes, enhancing collaboration across large teams.

  • Automate feedback and fixes in code

    Prisma Cloud comes with native integrations for IDEs, VCS, and CI/CD tooling to help developers ship secure code in their existing workflows.

  • Include deep context for misconfigurations

    Enable pull request comments and automate commits or pull requests to resolve misconfigurations directly in the code.


Software composition analysis

Modern applications depend heavily on open-source libraries. Often, teams lack visibility into all the dependencies in use and hesitate to push updates for fear of causing disruptions — leaving potentially dangerous vulnerabilities unaddressed. Prisma Cloud integrates seamlessly with your developer tools to automatically identify vulnerabilities in open-source packages and their entire dependency trees. With support for flexible and granular bump fixes, the platform ensures your applications stay secure without risking functionality.

  • Ensure comprehensive open-source security

    Scan all open-source dependencies and cross-reference them with trusted databases such as NVD and the Prisma Cloud Intelligence Stream to uncover vulnerabilities.

  • Uncover and prioritize risks with context

    Analyze dependency trees to the deepest layer and link vulnerabilities to infrastructure and application risks, streamlining remediation efforts.

  • Resolve vulnerabilities without disruption

    Apply precise updates to fix direct and transitive dependency issues, avoiding breaking changes while addressing multiple vulnerabilities efficiently.
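The dependency-tree walk and "bump the direct dependency just far enough" logic described above, as an added example that is not Prisma Cloud's own code: the package registry, the manifest and the advisories (ids of the form EXAMPLE-000n) are all constructed for illustration, and a real tool would read the registry from the package index or lockfile and the advisories from a vulnerability database.

```python
from __future__ import annotations

def parse_version(v: str) -> tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))

# Constructed registry: (package, version) -> the dependencies that version declares.
REGISTRY = {
    ("web-framework", "1.2.0"): {"json-parser": "2.0.1", "logger": "0.9.0"},
    ("web-framework", "1.2.1"): {"json-parser": "2.0.1", "logger": "0.9.0"},
    ("web-framework", "1.3.0"): {"json-parser": "2.1.0", "logger": "0.9.0"},
    ("web-framework", "2.0.0"): {"json-parser": "3.0.0", "logger": "1.0.0"},
    ("json-parser", "2.0.1"): {}, ("json-parser", "2.1.0"): {}, ("json-parser", "3.0.0"): {},
    ("logger", "0.9.0"): {}, ("logger", "1.0.0"): {},
    ("crypto-utils", "1.0.0"): {}, ("crypto-utils", "1.0.5"): {}, ("crypto-utils", "1.1.0"): {},
}

# Constructed advisories (fictional ids): versions below `fixed` are affected.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "json-parser", "fixed": "2.1.0", "severity": "HIGH"},
    {"id": "EXAMPLE-0002", "package": "crypto-utils", "fixed": "1.0.5", "severity": "CRITICAL"},
]

# The application's direct dependencies, as declared in its manifest (constructed).
MANIFEST = {"web-framework": "1.2.0", "crypto-utils": "1.0.0"}

def resolve(direct: dict[str, str], registry=REGISTRY) -> list[tuple[str, str, list[str]]]:
    """Depth-first walk of the full tree; each node carries its path from a direct dependency."""
    nodes = []
    def walk(pkg, ver, path):
        node_path = path + [f"{pkg}@{ver}"]
        nodes.append((pkg, ver, node_path))
        for dep, dep_ver in registry[(pkg, ver)].items():
            walk(dep, dep_ver, node_path)
    for pkg, ver in direct.items():
        walk(pkg, ver, [])
    return nodes

def is_vulnerable(pkg: str, ver: str, adv: dict) -> bool:
    return adv["package"] == pkg and parse_version(ver) < parse_version(adv["fixed"])

def find_vulnerabilities(direct: dict[str, str]) -> list[tuple[str, list[str]]]:
    """Every (advisory id, dependency path) in the tree, transitive ones included."""
    return [(adv["id"], path)
            for pkg, ver, path in resolve(direct)
            for adv in ADVISORIES if is_vulnerable(pkg, ver, adv)]

def subtree_clean(pkg: str, ver: str) -> bool:
    return not any(is_vulnerable(p, v, adv) for p, v, _ in resolve({pkg: ver}) for adv in ADVISORIES)

def available_versions(pkg: str, registry=REGISTRY) -> list[str]:
    return sorted((v for p, v in registry if p == pkg), key=parse_version)

def plan_bumps(direct: dict[str, str]) -> dict[str, dict]:
    """For each direct dependency whose subtree carries a vulnerability, choose the
    smallest newer version whose whole subtree is clean, preferring a same-major
    bump so the fix is least likely to break the application."""
    plan = {}
    for pkg, ver in direct.items():
        if subtree_clean(pkg, ver):
            continue
        current = parse_version(ver)
        newer = [v for v in available_versions(pkg) if parse_version(v) > current]
        same_major = [v for v in newer if parse_version(v)[0] == current[0]]
        ordered = same_major + [v for v in newer if v not in same_major]
        chosen = next((v for v in ordered if subtree_clean(pkg, v)), None)
        plan[pkg] = {
            "from": ver, "to": chosen,
            "kind": ("none available" if chosen is None
                     else "minor/patch bump" if chosen in same_major
                     else "major bump: review breaking changes"),
        }
    return plan

if __name__ == "__main__":
    for adv_id, path in find_vulnerabilities(MANIFEST):
        print(adv_id, " > ".join(path))
    for pkg, step in plan_bumps(MANIFEST).items():
        print(f"{pkg}: {step['from']} -> {step['to']} ({step['kind']})")
```

Note that web-framework 1.2.1 is rejected even though it is the nearest release: its subtree still pins the vulnerable json-parser 2.0.1, so the planner keeps walking to 1.3.0 rather than proposing a bump that changes nothing.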


Software supply chain security

Cloud-native CI/CD pipelines are increasingly becoming the target of attacks as they give bad actors access to code and secrets, which can be used to inject malicious code or pivot to exfiltrate data. Prisma Cloud provides a powerful yet simple way to gain visibility and control of application delivery pipelines, using the Cloud Application Graph™ to harden CI/CD pipelines and prevent security issues from reaching production.

  • Gain complete visibility into the engineering ecosystem

    Achieve unified visibility and control across the engineering ecosystem, including code repositories, contributors, technologies used and pipelines connected.

  • Harden CI/CD pipelines

    Implement security guardrails informed by software supply chain security research. Harden pipelines and measure your posture against the OWASP Top 10 CI/CD Security Risks.

  • Analyze the entire ecosystem

    Centralize visibility and control across the engineering ecosystem to correlate disparate signals across codebases, scanners, orchestration and automation tools.

  • Generate a software bill of materials (SBOM)

    Generate an SBOM report containing open-source packages, libraries and IaC resources, along with associated security issues, to track and understand application risk.


Secrets Security

Bad actors can exploit exposed credentials in seconds. Identify and eliminate secrets before they reach production by scanning IaC templates and container images during development and build time. Using advanced signatures and heuristics, Prisma Cloud ensures your secrets stay secure from the start.

  • Detect secrets in any file type

    Identify exposed passwords, tokens and credentials in IaC templates, golden images and Git repository configurations to prevent security risks.

  • Integrate secrets scanning into developer tools

    Catch hardcoded secrets early with seamless integration into IDEs, CLIs, pre-commit checks and CI/CD pipelines.

  • Advanced secrets detection

    Use regular expressions, keywords or fine-tuned entropy-based scanning to uncover both common and obscure secrets with precision.
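The three detection strategies listed above (format signatures, keyword assignments and entropy) combined in one scanner, as an added example that is not Prisma Cloud's detector: the signature patterns, the placeholder words, the `pragma: allowlist secret` marker and the entropy thresholds (3.0 bits for hex, 4.5 for base64-like strings) are choices made for this example, and the sample file is constructed with fake values (the AKIA... key is the one AWS uses in its own documentation).

```python
from __future__ import annotations
import math
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    value: str

# 1) Signatures: fixed formats of well-known credential types (assumed patterns).
SIGNATURES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# 2) Keywords: an assignment whose name suggests a credential and whose value is a literal.
KEYWORD = re.compile(r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")

# 3) Entropy: any long hex/base64-looking word; the threshold depends on the alphabet.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
HEX = re.compile(r"^[0-9a-fA-F]+$")
HEX_THRESHOLD, B64_THRESHOLD = 3.0, 4.5

PLACEHOLDERS = ("example", "changeme", "your_", "xxxx", "<", "${")
ALLOWLIST_MARKER = "pragma: allowlist secret"   # reviewed false positive, skip the line

def shannon_entropy(s: str) -> float:
    """Bits per character: at most 4.0 for hex strings, 6.0 for base64."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def looks_like_placeholder(value: str) -> bool:
    v = value.lower()
    return any(p in v for p in PLACEHOLDERS)

def scan_text(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue
        hits: list[tuple[str, str]] = []
        # Signatures are exact token formats, so they are never placeholder-filtered.
        hits += [(name, m.group(0)) for name, rx in SIGNATURES.items() for m in rx.finditer(line)]
        hits += [("keyword-assignment", m.group(2)) for m in KEYWORD.finditer(line)
                 if not looks_like_placeholder(m.group(2))]
        for m in CANDIDATE.finditer(line):
            word = m.group(0)
            is_hex = bool(HEX.match(word))
            if looks_like_placeholder(word):
                continue
            if shannon_entropy(word) >= (HEX_THRESHOLD if is_hex else B64_THRESHOLD):
                hits.append(("high-entropy-hex" if is_hex else "high-entropy-base64", word))
        seen: set[str] = set()
        for rule, value in hits:
            if value not in seen:   # one finding per secret even when several rules match
                seen.add(value)
                findings.append(Finding(lineno, rule, value))
    return findings

# Constructed sample file; every value is fake.
SAMPLE = """\
# constructed sample config; every value below is fake
db_password = "S3cur3P@ssw0rd!"
admin_password = "changeme-please"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
signing_key = "8f3a9c1e2b7d4f6a0c5e9b2d7a1f4c8e"
service_name = "application_security_posture_management"
api_token = "ghp_000000000000000000000000000000000000"  # pragma: allowlist secret
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.value}")
```

The long snake_case identifier on line 6 is what the split thresholds are for: it is 39 characters of a 16-letter alphabet and cannot reach 4.5 bits, while the 32-character hex key on line 5 sits at about 3.9 bits and is caught by the lower hex threshold.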


Policy as code

Traditional security testing relies on fragmented tools and teams, making controls hard to replicate. Prisma Cloud streamlines this process with policy as code, embedding replicable, version-controlled and testable controls directly into your codebase. Developers receive instant feedback with autofixes, pull/merge request comments and automated pull/merge request updates to enhance security without slowing down workflows.

  • Define and manage using code

    Create, test and version-control checks, skip-lists and custom graph-based policies for IaC templates using Python and YAML, ensuring consistency and control across your infrastructure.

  • Automate account and agent deployment

    Use Terraform to seamlessly onboard accounts, deploy agents, and configure runtime policies, including data ingestion and protection based on OpenAPI and Swagger specifications.

  • Out-of-the-box and custom fixes for misconfigurations

    Save time and effort with hundreds of prebuilt fixes for cloud resources and IaC templates, along with the flexibility to add your own fixes for misconfigurations.
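A minimal policy-as-code engine covering the IaC misconfiguration checks described in the Infrastructure as code section and the Python/YAML policies and skip-lists described here, as an added example that is not Prisma Cloud's code or policy format: the resource types, policy ids, the `policy:skip=` comment syntax, the declarative rule shape (written as a dict so it runs without a YAML library) and the sample resources are all assumed or constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable

SEVERITY = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

@dataclass
class Resource:
    """One parsed IaC resource (e.g. one Terraform block) plus its inline skips."""
    type: str
    name: str
    attrs: dict
    skips: dict = field(default_factory=dict)   # policy id -> justification

@dataclass
class Policy:
    id: str
    severity: str
    resource_types: set
    check: Callable[[dict], bool]   # True means the resource passes

# Python policies: arbitrary logic over the resource's attributes.
def s3_bucket_not_public(attrs: dict) -> bool:
    return attrs.get("acl", "private") not in {"public-read", "public-read-write"}

def sg_no_ssh_from_anywhere(attrs: dict) -> bool:
    for rule in attrs.get("ingress", []):
        covers_ssh = rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
        if covers_ssh and "0.0.0.0/0" in rule.get("cidr_blocks", []):
            return False
    return True

# Declarative policy: the structure a YAML policy file would load into (assumed shape).
DECLARATIVE = {
    "id": "CUSTOM_RDS_ENCRYPTED", "severity": "HIGH", "resource_types": ["aws_db_instance"],
    "condition": {"attribute": "storage_encrypted", "operator": "equals", "value": True},
}
OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "not_equals": lambda actual, expected: actual != expected,
    "exists": lambda actual, _expected: actual is not None,
}

def compile_declarative(spec: dict) -> Policy:
    cond, op = spec["condition"], OPERATORS[spec["condition"]["operator"]]
    return Policy(spec["id"], spec["severity"], set(spec["resource_types"]),
                  lambda attrs: op(attrs.get(cond["attribute"]), cond.get("value")))

POLICIES = [
    Policy("CUSTOM_S3_NOT_PUBLIC", "HIGH", {"aws_s3_bucket"}, s3_bucket_not_public),
    Policy("CUSTOM_SG_NO_OPEN_SSH", "CRITICAL", {"aws_security_group"}, sg_no_ssh_from_anywhere),
    compile_declarative(DECLARATIVE),
]

def parse_skip_comment(comment: str) -> tuple[str, str] | None:
    """Inline suppression, e.g. '# policy:skip=CUSTOM_SG_NO_OPEN_SSH: bastion host'."""
    marker = "policy:skip="
    if marker not in comment:
        return None
    policy_id, _, reason = comment.split(marker, 1)[1].partition(":")
    return policy_id.strip(), reason.strip()

def evaluate(resources: list[Resource], policies=POLICIES) -> list[dict]:
    results = []
    for res in resources:
        for pol in policies:
            if res.type not in pol.resource_types:
                continue
            if pol.id in res.skips:
                status = "SKIPPED"
            else:
                status = "PASSED" if pol.check(res.attrs) else "FAILED"
            results.append({"resource": f"{res.type}.{res.name}", "policy": pol.id,
                            "severity": pol.severity, "status": status})
    return results

def should_block(results: list[dict], threshold: str = "HIGH") -> bool:
    """Break the build when any non-skipped failure is at or above the threshold."""
    return any(r["status"] == "FAILED" and SEVERITY[r["severity"]] >= SEVERITY[threshold]
               for r in results)

# Constructed sample: what a parser would produce from a small Terraform module.
skip_id, skip_reason = parse_skip_comment("# policy:skip=CUSTOM_SG_NO_OPEN_SSH: bastion, reviewed")
SAMPLE = [
    Resource("aws_s3_bucket", "logs", {"acl": "private"}),
    Resource("aws_s3_bucket", "assets", {"acl": "public-read"}),
    Resource("aws_security_group", "bastion",
             {"ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]},
             skips={skip_id: skip_reason}),
    Resource("aws_db_instance", "main", {"engine": "postgres"}),   # storage_encrypted not set
]

if __name__ == "__main__":
    for r in evaluate(SAMPLE):
        print(f'{r["status"]:7} {r["severity"]:8} {r["policy"]:24} {r["resource"]}')
    print("block build:", should_block(evaluate(SAMPLE)))
```

Two details matter for a real engine: a skip is recorded as SKIPPED rather than silently dropped, so the justification stays auditable, and the declarative check treats a missing attribute as a failure (the database resource never set `storage_encrypted`), which is the safe default for "must be enabled" controls.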


Container image scanning

Container images are key components of cloud-native applications. However, they typically include many components outside the developer’s direct control, such as the base operating system and its configuration. Prisma Cloud enables security teams to provide actionable feedback and guardrails for vulnerabilities and compliance violations in container images to keep these components secure.

  • Identify vulnerabilities in container images

    Use twistcli to identify vulnerabilities in operating systems and open-source packages built into container image layers.

  • Provide fix status and remediation guidance

    Provide developers with the fix status, minimum version to remediate and time since the fix was released so they can easily prioritize updating packages.

  • Alert on or block vulnerabilities by severity level

    Add guardrails to block images with vulnerabilities that don’t meet severity level requirements before they’re pushed to production.

  • Achieve container compliance in code

    Check your container image dependencies and configurations at build time for violations of popular benchmarks such as CIS, as well as proprietary checks such as malware detection.

  • Ensure trust for container images

    Harden images by leveraging build time scanning and trusted registries for a secure container image supply chain.
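The severity gate and the fix-status prioritisation from the two items above, as an added example that is not Prisma Cloud's or twistcli's code or report format: the scan report is constructed with fictional package names and advisory ids, and the gate options (block at or above a severity, block only findings that have a fix, and a grace period for very recent fixes) are choices made for this example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Vuln:
    id: str                        # advisory id (fictional in the sample below)
    package: str
    installed: str
    severity: str
    fix_version: Optional[str]     # None when no fixed package has been released
    fix_released: Optional[date]

def parse_version(v: str) -> tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))

def remediation_summary(vulns: list[Vuln], today: date) -> dict[str, dict]:
    """Per package: the one version that remediates every fixable finding (the highest
    fix version) and how long the oldest of those fixes has been available."""
    summary: dict[str, dict] = {}
    for v in vulns:
        if v.fix_version is None:
            continue
        entry = summary.setdefault(v.package, {
            "installed": v.installed, "min_fix_version": v.fix_version,
            "oldest_fix_age_days": 0, "advisories": []})
        if parse_version(v.fix_version) > parse_version(entry["min_fix_version"]):
            entry["min_fix_version"] = v.fix_version
        entry["oldest_fix_age_days"] = max(entry["oldest_fix_age_days"],
                                           (today - v.fix_released).days)
        entry["advisories"].append(v.id)
    return summary

def gate(vulns: list[Vuln], today: date, *, block_at: str = "high",
         block_only_fixable: bool = True, grace_days: int = 0) -> tuple[str, dict]:
    """Decide whether the image may be pushed. Findings below `block_at` are ignored;
    at or above it they block, except that unfixable ones only alert when
    block_only_fixable is set, and fixes younger than grace_days only alert."""
    blocking, alerting = [], []
    for v in vulns:
        if SEVERITY_RANK[v.severity] < SEVERITY_RANK[block_at]:
            continue
        if v.fix_version is None:
            (alerting if block_only_fixable else blocking).append(v.id)
        elif (today - v.fix_released).days < grace_days:
            alerting.append(v.id)
        else:
            blocking.append(v.id)
    verdict = "block" if blocking else ("alert" if alerting else "pass")
    return verdict, {"blocking": blocking, "alerting": alerting}

# Constructed scan result for one image: fictional packages and advisory ids.
TODAY = date(2024, 6, 1)
REPORT = [
    Vuln("EXAMPLE-2024-0001", "tls-lib", "1.1.2", "high", "1.1.5", date(2024, 3, 1)),
    Vuln("EXAMPLE-2024-0002", "tls-lib", "1.1.2", "critical", "1.1.7", date(2024, 5, 20)),
    Vuln("EXAMPLE-2024-0003", "http-client", "7.0.3", "medium", "7.1.0", date(2024, 1, 10)),
    Vuln("EXAMPLE-2024-0004", "archive-lib", "2.4.0", "high", None, None),
]

if __name__ == "__main__":
    verdict, detail = gate(REPORT, TODAY, grace_days=14)
    print(verdict, detail)
    for pkg, entry in remediation_summary(REPORT, TODAY).items():
        print(f"{pkg}: {entry['installed']} -> {entry['min_fix_version']} "
              f"(fix available for {entry['oldest_fix_age_days']} days, {entry['advisories']})")
```

The summary deliberately reports one target version per package: two advisories against tls-lib are fixed in 1.1.5 and 1.1.7, and only the higher one closes both, so that is the "minimum version to remediate" a developer should be shown.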


OSS license compliance

Every company has its own acceptable use policies for open-source licenses. Don’t wait until a manual compliance review to find out that an open-source library is noncompliant. Prisma Cloud catalogs open-source licenses for dependencies and can alert or block repository commits based on customizable policies.

  • Avoid open-source license violations

    Surface license violations early and block repository commits based on customizable policies.

  • Scan Git and non-Git repositories for issues

    Identify potential license issues throughout your codebase and ensure compliance at every stage with integration into both Git and non-Git repositories.

  • Customize alerts and blocking policies

    Set specific thresholds for alerting and blocking by license type to match your organization’s copyleft and permissive license requirements, ensuring full compliance with internal policies.


AppSec modules

IaC security

Automated IaC security embedded in developer workflows

Software Composition Analysis (SCA)

Highly accurate and context-aware open source security and license compliance

Software Supply Chain (CI/CD) Security

End-to-end protection for software components and pipelines

Secrets Security

Full-stack, multidimensional secrets scanning across repos and pipelines
