# Fixing Issues from Code to Cloud in One Place

By [Vinay Venkataraghavan](https://www.paloaltonetworks.com/blog/author/vinay-venkataraghavan/?ts=markdown "Posts by Vinay Venkataraghavan"), Oct 19, 2023

Having pivoted away from traditional monolithic application models, today's DevOps teams routinely leverage technologies like containers and serverless architectures to build microservices-based
applications distributed across vast ecosystems. Following up on our recent blog post where we touched on code-to-cloud remediation as part of [new features in the Prisma Cloud Darwin release](https://paloaltonetworks.com/blog/2023/10/announcing-innovations-cnapp-prisma-cloud), we'd like to delve deeper into remediation. First, let's look at the challenges of risk remediation in cloud security.

## **Challenges in Modern Security**

The evolution of the app, with its many gains, remains a double-edged sword. Widespread use of open-source libraries and the proliferation of application components have broadened the attack surface. Security teams race to keep pace with swift deployments while [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) teams, in their drive for rapid deployment, often view security and InfoSec as obstacles. Compounding these challenges, the tools designed to safeguard modern architectures often fall short.

### **The Industry's Incomplete Response**

Security vendors have responded with purpose-built solutions that address only parts of the security problem. While many tools, for instance, provide insights based on risk factors from CVE, CVSS, and NVD, they lack the context of an organization's specific environment. Key questions remain unanswered:

* Are there misconfigurations in the cloud that could amplify exploitation risks?
* Is the vulnerability exposed to the internet through the network?
* What permissions do vulnerable machines or containers have?

The market is flooded with tools, each addressing only a subset of use cases. Traditional tools might focus on hosts or virtual machines running inside clouds, while others scan for vulnerabilities in open-source software within code repositories. This fragmented approach lacks cohesion. If a critical vulnerability spreads across thousands of instances, these tools falter, unable to trace the issue back to its origin in the developer environments.
These limitations pose significant challenges for security teams, who require about 145 hours to resolve a security alert^1^ --- in stark contrast to adversaries who need only 15 minutes to exploit a new vulnerability.^2^

The industry's solution to the security problem has been to shift left. But the industry has fallen short, offering solutions that teams find challenging to operationalize because of blind spots and interoperability issues. Purpose-built tools don't cater to the needs of either the DevOps or the security teams and, in fact, deepen the divide between them.

Video: Learn how to remediate misconfigurations, first in code and then in the cloud.

## **Facilitating DevSecOps**

DevSecOps, as we know, offers an optimal scenario for security and DevOps teams. In this framework, security teams gain complete visibility into all applications and their components throughout the code, build, deploy, and run phases.

In its platform approach to secure cloud-native applications, Prisma Cloud leads the way in enabling enterprises to integrate security throughout the application lifecycle. The [Prisma Cloud platform](https://www.paloaltonetworks.com/prisma/whyprisma?ts=markdown) equips DevOps teams with the tools to take responsibility for security before deploying code. By facilitating DevSecOps, Prisma Cloud [bridges the gap](https://www.paloaltonetworks.com/blog/2020/05/cloud-devsecops/?ts=markdown), helping both teams to meet their goals.

## **Unveiling Prisma Cloud**

Prisma Cloud offers [a uniquely comprehensive CNAPP](https://paloaltonetworks.com/prisma/cloud) that fosters DevSecOps by giving teams a clear view of application components, from the code phase --- including libraries, packages, dependencies, and IaC templates --- right through to the runtime phase, encompassing running hosts, containers, and services.
Surfacing critical security weaknesses, the platform then correlates findings back to the flaws in development code, enabling teams to easily fix issues at the source, preventing future insecure deployments.

### **Seamless Integration with Developer Tools**

The [shift left](https://www.paloaltonetworks.com/cyberpedia/shift-left-security?ts=markdown) principle comes into play by identifying security issues early in the code, build, and deploy phases. Prisma Cloud stands out by offering seamless, out-of-the-box integrations with popular tools developers rely on, such as IDEs, code repositories, container registries, and [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown).

By embedding security checks into familiar developer tools like VSCode, GitRepos, and container and serverless registries, DevOps teams can spot and address security concerns right from their familiar environments, even before deploying applications.

The capacity to identify and rectify issues during runtime has become a proven weapon in the [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown) arsenal, ensuring the deployment of secure applications and preventing potential breaches.

## **Key Features of Prisma Cloud**

Prisma Cloud ensures that security isn't an afterthought but an integral part of enterprise processes. Among [standout features introduced in the Darwin release](https://www.paloaltonetworks.com/prisma/cloud/latest?ts=markdown) is the code-to-cloud traceback capability, which offers users a visual map of all application artifacts from code to cloud. With code-to-cloud traceback, users can precisely identify and address artifacts throughout the application lifecycle.

Another notable feature, drift detection, identifies local changes that deviate from the intended final state --- whether these changes were made during the code, build, deploy, or run phases.
As teams know, early drift detection ensures timely remediation.

Additionally, the platform empowers teams to fix alerts, incidents, and findings in the code or in the cloud. This dual capability ensures you can both prevent issues in the code phase and address the repercussions of these issues during the run phase.

## **Operationalizing Security with Prisma Cloud**

Prisma Cloud empowers DevSecOps teams to collaborate, ensuring security is integrated throughout the code, build, deploy, and run phases.

### **Runtime Phase**

In the runtime phase, teams should deploy agents to safeguard applications and their associated microservices. By doing so, they can achieve a holistic view of all compliance violations and vulnerabilities at the application level via Prisma Cloud. This visibility is crucial for identifying risks and exposures, especially those associated with Kubernetes and application configurations.

![Code-to-Cloud Remediation enables you to easily fix issues in the cloud or open a pull request to fix the issue permanently in the code.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306207-2.png)

Figure 1: Code-to-Cloud Remediation enables you to easily fix issues in the cloud or open a pull request to fix the issue permanently in the code.

### **Deploy Phase**

During the deploy phase, it's essential to scan for code-related issues, such as misconfigurations and vulnerabilities in application artifacts. Recognizing weaknesses in the CI/CD pipeline and infrastructure is equally vital. The platform aids in detecting exposed secrets and credentials in the pipeline, especially those originating from IaC templates. Establishing and implementing [least privilege access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown) during this phase ensures that only authorized individuals can make critical changes.
### **Build Phase**

In the build phase, the platform's capabilities shine by scanning IaC templates for compliance violations and misconfigurations. It's also adept at detecting exposed secrets and credentials, ensuring that sensitive information remains protected.

### **Code Phase**

The code phase emphasizes the importance of [software composition analysis](https://www.paloaltonetworks.com/cyberpedia/what-is-sca?ts=markdown) to identify vulnerabilities in open-source packages --- a growing concern in today's tech landscape. Prisma Cloud integrates with popular IDEs like VSCode, allowing developers to identify library and package dependencies in code for various programming languages.

## **The Power of Code-to-Cloud Intelligence**

Prisma Cloud is uniquely designed with Code-to-Cloud Intelligence, connecting risk insights in production back to the source in development environments to protect applications. Security teams can trace risk across each stage of the app lifecycle --- code, build, deploy and run --- to reduce risk and prevent breaches.

Our users tell us they choose Prisma Cloud for the platform's strong remediation capabilities --- and for its ability to bridge DevOps and security teams, helping them to meet their collective goals.

## **Learn More**

Tune in to our on-demand webinar, [CNAPP Supercharged: A Radically New Approach to Cloud Security](https://start.paloaltonetworks.com/prisma-cloud-new-innovations-for-the-future-of-cloud-security-webinar-on-demand.html), to learn about Prisma Cloud's latest innovations and how to streamline app lifecycle protection.

And don't miss an opportunity to test drive best-in-class code-to-cloud security with a [30-day Prisma Cloud trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial?ts=markdown).

**References**

1. "Unit 42 Cloud Threat Report, Volume 7: Navigating the Expanding Attack Surface." Apr 18, 2023. Palo Alto Networks. Accessed October 4, 2023.
   [/resources/research/unit-42-cloud-threat-report-volume-7](https://www.paloaltonetworks.com/resources/research/unit-42-cloud-threat-report-volume-7?ts=markdown).
2. "2023 Unit 42 Attack Surface Threat Report." n.d. Palo Alto Networks. [/resources/research/2023-unit-42-attack-surface-threat-report](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report?ts=markdown).