* [Blog](https://www.paloaltonetworks.com/blog)
* [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/)
* [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/)
* How Prisma Cloud Secures ...

# How Prisma Cloud Secures Cloud Native App Development with DevOps Plugins

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fcloud-devops-plugins%2F)  
[](https://twitter.com/share?text=How+Prisma+Cloud+Secures+Cloud+Native+App+Development+with+DevOps+Plugins&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fcloud-devops-plugins%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fcloud-devops-plugins%2F&title=How+Prisma+Cloud+Secures+Cloud+Native+App+Development+with+DevOps+Plugins&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/cloud-devops-plugins/&ts=markdown)  
\[\](mailto:?subject=How Prisma Cloud Secures Cloud Native App Development with DevOps Plugins)  
Link copied  
By [Pradnesh Patil](https://www.paloaltonetworks.com/blog/author/pradnesh-patil/?ts=markdown "Posts by Pradnesh Patil")  
Mar 11, 2020  
4 minutes  
[DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[30 Days of Cloud](https://www.paloaltonetworks.com/blog/tag/30-days-of-cloud/?ts=markdown)  
[DevOps](https://www.paloaltonetworks.com/blog/tag/devops/?ts=markdown)  
[DevSecOps](https://www.paloaltonetworks.com/blog/tag/devsecops/?ts=markdown)  
[Prisma Cloud](https://www.paloaltonetworks.com/blog/tag/prisma-cloud/?ts=markdown)

Why does it seem so hard to consistently deploy secure application infrastructure in the public cloud? [Gartner predicts](https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/) that by 2025, 99% of cloud security breaches will be the customer's fault. The majority of the problems stem from the insecure configuration of application infrastructure and vulnerabilities in container images.

These insecure configurations can range from setting a wrong access control list on an Amazon S3 bucket or deploying an Amazon Relational Database Service (RDS) instance that is not encrypted, to configuring a Kubernetes app manifest to spin up containers as root. In addition, many enterprises today use some sort of infrastructure as code (IaC) mechanism -- Terraform, CloudFormation, Azure Resource Manager (ARM) templates or Kubernetes app manifests -- to rapidly deploy resources to multiple cloud environments, which can create insecure configurations at scale if not validated before deployment.

Lastly, more applications are getting containerized and Kubernetes is becoming the de facto standard for container orchestration. The unfortunate result is container images full of vulnerabilities and Kubernetes manifests with [overly-permissive container access](https://unit42.paloaltonetworks.com/cloud-threat-report-intro/) -- both of which can result in high-profile incidents.

## **Introducing Prisma Cloud DevOps Plugins**

In order to *prevent* these security challenges, we are introducing a [library of Prisma Cloud DevOps Plugins](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-devops-security/secure-your-infrastructure-automation.html) to detect insecure configurations in IaC templates and vulnerabilities in container images before resources get deployed in production:
![Integrated Plugins to Secure the Entire Application Lifecycle. This graphic shows the flow from a developer writing code to storing code in repo to running builds to deploy and testing.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/03/image2-2.png)
Fig 1: Integrated Plugins to Secure the Entire Application Lifecycle

#### Code Development

When developers write IaC templates like Terraform templates (TFT), CloudFormation templates (CFT) and Kubernetes (K8s) manifests, they can use Prisma Cloud to check for security issues right inside their integrated development environment (IDE) using our native plugins. We are excited to announce plugins for both IntelliJ IDE and VS Code.

#### Checking Code into Repository

If a developer fails to correct security alerts in IDE and tries to merge insecure IaC templates (TFT, CFT, K8s manifests) into a source repository like GitHub, the native Prisma Cloud GitHub application can stop the pull request (PR) merge completely, and/or create a security issue against a developer who is trying to merge insecure code into your code repository. Prisma Cloud will check for security issues during any Git PR merge and give you the visibility and control needed to take action.

#### CI/CD Pipeline Security

![Prisma Cloud DevOps Security, which includes DevOps plugins. This graphic shows the flow from the developer through CI/CD pipelines and illustrates how security can be built into the process.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/03/image1-1.png)
Fig 2: Shift Security Left in the Software Pipeline

As DevOps pulls components from multiple repositories during the build/deploy time, the native Prisma Cloud CI/CD plugins can check for security issues during the build phase as well as at deployment time.

Our native CI/CD plugins can identify security issues in IaC templates and scan container images and serverless function zips to detect vulnerabilities. Users can even control when to fail a build or pipeline depending on defined failure criteria covering security policies and vulnerabilities severity and count. Today, Prisma Cloud supports native plugins for Jenkins, Azure DevOps, AWS Code and CircleCI, with more coming.

## **Cloud Agnostic**

All Prisma Cloud DevOps Plugins use a default set of policies for IaC scans and support all three major clouds -- Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). We use our industry-leading Prisma Cloud threat and vulnerability database for matching vulnerabilities with container images and serverless functions. Each plugin mentioned above is available today on individual DevOps tools marketplaces (e.g. Prisma Cloud GitHub app is available on GitHub marketplace).

## **Prisma Cloud DevOps Plugins Documentation**

We are actively developing additional plugins for more DevOps tools. Take a look at [our documentation on these DevOps plugins](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-devops-security/prisma-cloud-plugins.html) for additional details on what's currently available.

*** ** * ** ***

## Related Blogs

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### 3 Simple Techniques to Add Security Into the CI/CD Pipeline](https://www.paloaltonetworks.com/blog/2020/10/cloud-add-security-cicd-pipeline/)

### [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Prisma Cloud Native Security Platform Embeds Security into DevOps Lifecycle](https://www.paloaltonetworks.com/blog/cloud-security/cloud-native-security-platform-2/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Breaking Down Silos with DevSecOps](https://www.paloaltonetworks.com/blog/2020/03/cloud-break-silos-devsecops/)

### [Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-security-platform/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud Supply Chain Security Reduces Code Complexity and Risk](https://www.paloaltonetworks.com/blog/2022/03/cloud-software-supply-chain-security/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### How Does DevSecOps Fit Into Your Digital Transformation?](https://www.paloaltonetworks.com/blog/cloud-security/digital-transformation/)

### [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)

[#### The DevSecOps Revolution Is Here: What Is DevSecOps \& How Can It Boost Your ROI?](https://www.paloaltonetworks.com/blog/cloud-security/devsecops-revolution-what-is-devsecops-boost-your-roi/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language