Highlights:

  • Prisma Cloud’s CI/CD Security offers graph-based visibility in engineering ecosystems.
  • Prisma Cloud’s new dashboard offers unified engineering ecosystem visibility.

Palo Alto Networks Inc. recently launched a new CI/CD security module in its Prisma Cloud platform, enhancing code-to-cloud capabilities and integrated software delivery pipeline security.

CI/CD Security by Prisma Cloud provides graph-based CI/CD security and is intended to improve visibility in engineering ecosystems. Using the Cloud Application Graph, the service provides defense against the Top 10 CI/CD risks identified by the Open Worldwide Application Security Project (OWASP), pipeline posture management, and attack path analysis.

Palo Alto contends that as developers submit their code to source control, the bewildering assortment of code scanners used to find vulnerabilities and misconfigurations leaves AppSec teams with a fragmented understanding of risk. It also asserts that most organizations lack visibility into who contributes to trusted artifact registries, which technologies and frameworks are in use, and how to export a software bill of materials from that ecosystem.

The new Prisma Cloud Application Security dashboard provides a single point of visibility for the engineering ecosystem. The dashboard also normalizes signals coming from various code scanners to give users a centralized view of risk and a trending view to help them track security performance across development teams.

The service gives AppSec teams comprehensive visibility across code repositories, contributors, connected pipelines, and the technologies in use from a unified interface, while identifying specific code risks. It also helps AppSec understand which repositories and pipelines are linked to production, so teams can prioritize risk with complete infrastructure context.

The cloud security platform from Palo Alto Networks has 11 modules, the latest of which is CI/CD Security. Palo Alto claims that Prisma Cloud is the most comprehensive cloud-native application protection platform (CNAPP) because its integration secures the entire application lifecycle, from code through deployment to runtime.

Additionally, the new module incorporates technology from Cider Security Ltd., which Palo Alto purchased in November for about USD 195 million. With this technology, organizations can “shift security left” to stop threats and vulnerabilities before deploying applications into production environments.

Former Co-founder of Cider Security and Chief Technology Officer of Application Security for Prisma Cloud, Daniel Krivelevich, said ahead of the release, “The only way to prevent insecure code from reaching production is to scan every code artifact and dependency and ensure the delivery pipeline is effectively protected. Integrating Cider’s technology with Prisma Cloud strengthens the platform’s ability to help secure organizations’ entire engineering ecosystem, ensuring only what is intended is pushed to production.”