Prisma Cloud Scan CI/CD Pipeline Jenkins and Code Repo GitHub
Most modern organizations realize the value of shifting security left in the development lifecycle — especially as applications are becoming collections of microservices and functions, and everything is getting defined as code. Developers use a vast array of tools to build and deploy cloud native applications, and operationalizing security controls that work seamlessly across these tools remains a challenge. Prisma Cloud enables you to check your DevOps infrastructure templates for security misconfigurations and scan container images to proactively prevent issues by shifting left.
Prisma Cloud provides a Jenkins plugin that lets you incorporate vulnerability and compliance scanning into your continuous integration pipeline. The plugin scans container images and serverless functions. Prisma Cloud can pass or fail builds, depending on the types of issues discovered, and the policies set in Console. By incorporating scanning into the build phase of the development workflow, developers get immediate feedback about what needs to be fixed. The scan report provides all the information required to fix the vulnerabilities.
In this lab you will use Prisma Cloud Compute to scan an image for vulnerabilities and compliance issues at build time within Jenkins on a Google Kubernetes Engine (GKE) cluster, and to scan your GitHub code repo for vulnerabilities and compliance issues.
What you'll do in the lab:
Deploy Prisma Cloud Compute
- Deploy Prisma Cloud Compute on the GKE Cluster
Securing CI/CD Pipeline - Jenkins
- Download the Prisma Cloud Compute Jenkins plugin
- Set up a Jenkins deployment
- Install the Prisma Cloud Compute Jenkins plugin
- Build and Scan an image in the pipeline
- View the scan results
- Change the vulnerability threshold and observe the change in the scan result
Scan Code Repo - GitHub
- Add GitHub credentials
- Fork private repositories with key vulnerabilities
- Generate a GitHub access token and set up a webhook in advance
- Onboard repositories that have vulnerabilities
- Set up a vulnerability rule
- Review the details of vulnerabilities detected
- Commit code with a new vulnerability and detect it in the repository