Palo Alto Networks

DevSecOps

Checkov 3.0: Upgraded Open-Source Infrastructure-as-Code Security

Version 3.0 of Checkov — Prisma Cloud’s open-source infrastructure-as-code (IaC) security scanner — is now available. Checkov 3.0 is a result of over 11 thousand new commits since we released Checkov 2.0 and includes upgrades, such as improved graph policies, deeper Terraform scanning and support for new frameworks.

Checkov enables developers to identify and remediate misconfigurations in infrastructure-as-code files across platforms, such as Terraform, Kubernetes...

Code Security

DevSecOps

Oct 25, 2023

By Matt Johnson

Palo Alto Networks

Products and Services

Partners

CI/CD, DevSecOps

Abusing Repository Webhooks to Access Internal CI/CD Systems at Scale

With the increasing adoption of CI/CD systems, organizations tend to adopt a common CI/CD architecture. This architecture combines SaaS-based source control management systems — su...

Jul 13, 2023

By Omer Gil and Asi Greenholts

Code Security, DevSecOps

How to Embrace Kubernetes Security With Checkov’s Graph Connections

Due to the interconnected nature of Kubernetes, embracing Kubernetes security involves some unique considerations. Everything in Kubernetes is interconnected, so you can’t fully un...

May 17, 2023

By Matt Johnson

DevSecOps

The Top 5 Secrets Management Mistakes and How to Avoid Them

Unknown publicly exposed secrets are almost inevitable for most orgs. Secrets could be anywhere — in your application servers, containerized apps, infrastructure as code (IaC), bus...

Apr 13, 2023

By Nick Sirris

DevSecOps

Enhanced Pull Request Comments: Empower Developers to Ship Code That’s Secu...

Preventing misconfigurations and vulnerabilities from reaching runtime in a manner that doesn’t slow development is challenging. But that’s where pull request (PR) comments come in...

Apr 04, 2023

By Jonathan Bregman

DevSecOps

Top 5 DevSecOps Tools to Help You Ship Secure Code Fast

DevSecOps, or shift left security, is top of mind for many cloud-native teams today. And as the term has grown exponentially, so too has the number of DevSecOps tools and use cases. But all these new additions...

Mar 17, 2023

By Guy Eisenkot and Jonathan Bregman

DevSecOps

Adopting Advanced Terraform Security Use Cases with Prisma Cloud

Advanced Terraform security is a hot topic as you scale in the cloud. Because infrastructure as code (IaC) allows you to quickly spin up cloud resources at scale, leveraging an IaC...

Mar 01, 2023

By Taylor Smith

DevSecOps

How to Think About DevSecOps for a Secure Future

Despite the technological advances of recent years (or perhaps because of them), the number of threats on the internet continues to rise. In fact, a 2022 survey from ThoughtLab found that the number of breaches...

Feb 16, 2023

By Glenn Wilson

Code Security, DevSecOps

It’s Not All Bad! Using Cloud Drift for Teachable Moments

Stack Overflow’s 2021 Developer Survey found that 54% of developers use AWS, yet only 7% use Terraform. That means that far more developers have adopted provisioning, managing and decommissioning cloud infrastr...

Feb 14, 2023

By Taylor Smith

Code Security, DevSecOps

The Key to DevSecOps Success: Cross-Team Knowledge Sharing

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and e...

Feb 02, 2023

By Taylor Smith

Code Security, DevSecOps

From Manifest to Workload: Embedding Kubernetes Security at Each Phase of t...

Part of the answer is to identify and address security risks within the various components of Kubernetes itself as well as their configurations. You can do this by, for example, va...

Jan 24, 2023

By Chris Tozzi

Code Security, DevSecOps

Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in...

Developers leverage hardcoded credentials to seamlessly access or authenticate the services needed to build and deploy applications. While this practice streamlines development, it...

Jan 17, 2023

By Julia Benson

Announcement, Cloud Workload Protection, DevSecOps, Web Application & API Security

OpenSSL Vulnerability Rating Downgraded to High

On Tue Oct 25, the OpenSSL project team released an advisory announcing the forthcoming release of OpenSSL version 3.0.7. The advisory was issued to call attention to a critical v...

Oct 29, 2022

By Hari Srinivasan, Daniel Prizmant, Taylor Smith and Ariel Zelivansky

Code Security, DevSecOps

Full-Stack Code Visibility With Prisma Cloud Software Bill of Materials (SB...

When Log4Shell was first reported, companies scrambled to figure out if and how they were affected by the vulnerability. Despite their best efforts, few companies were able to full...

Oct 05, 2022

By Taylor Smith

Cloud Native Security Platform, DevSecOps

DevSecOps and Value Stream Management

Everything done within an organization should provide value to customers and other stakeholders. Value Stream Management (VSM) is a business practice that helps identify areas for improvement in a process to make operations more efficient a...

Feb 14, 2022

By Vince Power

Announcement, Cloud Workload Protection Platform, DevSecOps, Products and Services

Prisma Cloud: Leader in the GigaOm Radar for Developer Security Tools

Trends such as infrastructure as code and containerization create the opportunity for unprecedented velocity and digital transformation. This makes it...

Jan 18, 2022

By Ankur Shah

Load more blogs