# Code to Cloud Vulnerability Management

By [Alon Ben Porath](https://www.paloaltonetworks.com/blog/author/alon-ben-porath/?ts=markdown "Posts by Alon Ben Porath") and [Alexandre Cezar](https://www.paloaltonetworks.com/blog/author/alexandre-cezar/?ts=markdown "Posts by Alexandre Cezar")

Oct 26, 2023

Identifying and remediating vulnerabilities across applications, workloads and systems is important to protect against cyberattacks and keep data safe.
This comes as no surprise, considering that 80% of open-source software packages contain vulnerabilities.^1^ At an average rate of 87 per day,^2^ MITRE publishes new CVEs --- and research shows that adversaries can exploit them within 15 minutes of publication.^3^

***Related Article**: [Understanding the MITRE ATT&CK Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown)*

Security and InfoSec teams are in a race with malicious actors. At the same time, they're dealing with an abundance of vulnerabilities that require the lion's share of their resources just to find the consequential ones putting their enterprise at risk.

Teams need more than spreadsheets and pivot tables. They need full visibility into all assets, the compute workloads of their cloud environment --- and that includes easy access to meaningful, actionable data.

## The Real-World Challenge

For the most part, [vulnerability management](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management?ts=markdown) tools have kept up with modern [cloud-native applications](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) developed using open-source code and automated [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) to deploy the software across cloud environments. They do a good job when it comes to identifying vulnerabilities. Problems arise with the magnitude of vulnerabilities detected --- which overshadow the actual risks.

Dealing with the noise has typically overwhelmed security teams, who pull in developers and essentially hand them laundry lists of hundreds or thousands of vulnerabilities, saying "Please fix." But without code-to-cloud context, developers can't discern what's most important.
In terms of [patch management](https://www.paloaltonetworks.com/cyberpedia/patch-management?ts=markdown), it can take [months to patch a vulnerability](https://www.verizon.com/business/resources/reports/dbir).^4^

The challenge with managing vulnerabilities begins once tools identify them. It lies in the all-important next steps --- prioritization and remediation --- and involves nothing short of bringing order to chaos.

![Once detected, vulnerabilities need to be contextualized to define their potential impact, source and the assets they affect.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306996-1-2.png)

Figure 1: Once detected, vulnerabilities need to be contextualized to define their potential impact, source and the assets they affect.

## The Future of Vulnerability Management Begins Now

Prisma Cloud's Vulnerability Management Dashboard, introduced last week in [the Darwin release](https://www.paloaltonetworks.com/blog/2023/10/announcing-innovations-cnapp-prisma-cloud/?ts=markdown), simplifies vulnerability discovery, prioritization and remediation. Using contextual layers, its funnel feature filters out noise and directs teams to urgent and high-impact issues. By efficiently identifying key vulnerabilities in cloud environments, security teams can devise targeted remediation plans and act quickly, reducing risks associated with delayed responses.

Prisma Cloud also provides over 20 contextual risk factors to help narrow down the scope of vulnerabilities. For example, it provides context into whether you have an exploit in the wild, whether the vulnerability is patchable and, most importantly, whether the package containing the vulnerability is in use. This context helps you home in from thousands of vulnerabilities to the handful you should fix.

![Prisma Cloud dashboard showing 6136 critical and high severity vulnerabilities narrowed to 21 priority vulnerabilities in the runtime environment](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306996-2-2.png)

Figure 2: Prisma Cloud dashboard showing 21,404 critical and high severity vulnerabilities narrowed to 35 priority vulnerabilities in the runtime environment

## Contextual Analysis: Focusing on Impactful Vulnerabilities

Vulnerability management isn't about eliminating every risk, but about addressing the vulnerabilities that could wield the most impact. The majority of solutions don't provide the context, which makes it difficult for teams to pinpoint the most consequential vulnerabilities and make informed decisions that optimize system performance and reliability.

As seen in Figure 3, Prisma Cloud's Vulnerability Management Dashboard ranks the top 5 most impactful vulnerabilities, providing a detailed view based on metrics such as CVSS score, severity and risk factors. If your environment includes an instance of log4j, for example, a single click reveals its far-reaching consequences across your infrastructure.

![Urgent vulnerabilities that require immediate remediation](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306996-3-2.png)

Figure 3: Urgent vulnerabilities that require immediate remediation

Visualizing the impact of a vulnerability across the software development lifecycle is no small feat. Prisma Cloud's Vulnerability Management Dashboard offers a full view across code, build, deploy and run stages. In the build stage, you can identify affected packages and infrastructure-as-code resources across multiple repositories. The dashboard also highlights how these vulnerabilities propagate through host and container images, ultimately affecting runtime hosts, containers and serverless functions.
In other words, you can view a complete list of every asset impacted by a particular vulnerability, showing you exactly where (and why) remediation is imperative.

![Code-to-cloud vulnerability graph](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306996-4-2.png)

Figure 4: Code to Cloud Vulnerability Graph

## From Insight to Action

Once you've identified and analyzed exploitable, patchable and active vulnerabilities, the next step is remediation. Prisma Cloud traces each vulnerability from the workload back to the source code file and package --- and provides a Fix-in-Code action. With this feature, Prisma Cloud can automate the remediation process by submitting a pull request. Addressing vulnerabilities at their source embodies [shift left security](https://www.paloaltonetworks.com/cyberpedia/shift-left-security?ts=markdown), making future deployments secure by design.

## The Path Ahead with Prisma Cloud

Palo Alto Networks Prisma Cloud is reshaping how organizations manage vulnerabilities from code to cloud. Providing unparalleled visibility with context into critical vulnerabilities across the application lifecycle, it surfaces risks that may have otherwise gone unnoticed. This comprehensive approach covers everything from IaC files, code repositories, packages and CI pipelines to container image registries and runtime environments. And its ability to initiate source-based remediation empowers organizations to proactively manage vulnerabilities.

## Learn More

Tune in to our on-demand webinar, [CNAPP Supercharged: A Radically New Approach to Cloud Security](https://start.paloaltonetworks.com/prisma-cloud-new-innovations-for-the-future-of-cloud-security-webinar-on-demand.html), to learn about Prisma Cloud's latest innovations and how to streamline app lifecycle protection.
And don't miss an opportunity to test drive best-in-class code-to-cloud security with a [30-day Prisma Cloud trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial?ts=markdown).

**References**

1. "The Software Composition Analysis Landscape, Q1 2023." n.d. Forrester. Accessed September 17, 2023. <https://www.forrester.com/report/the-software-composition-analysis-landscape-q1-2023/RES178778?utm_campaign=Image%20Editing%20%2F%20Aviary%20Launch>.
2. "NVD - February 2023 Listing." n.d. Nvd.nist.gov. Accessed October 11, 2023. <https://nvd.nist.gov/vuln/full-listing/2023/2>.
3. "2021 Cortex Xpanse Attack Surface Threat Report -- Palo Alto Networks." n.d. Start.paloaltonetworks.com. Accessed September 17, 2023. <https://start.paloaltonetworks.com/asm-report>.
4. "2023 Data Breach Investigations Report." n.d. Verizon Business. <https://www.verizon.com/business/resources/reports/dbir>.