Inject Security into Your AWS Development Pipeline

Jun 26, 2024
4 minutes

Seamlessly integrate Code to Cloud security into your AWS development workflows with Prisma Cloud and AWS CodeCommit.

We recently wrote about shifting left with Prisma Cloud in a blog post that explored integrating security directly into the integrated development environment (IDE). That practice is a cornerstone of the shift-left strategy because it lets developers run security checks inside the tools they already use. Think of an airport security checkpoint: its value is not the checkpoint itself but the fact that every passenger's passport and boarding pass is verified on the way through. The version control system (VCS) is the same kind of chokepoint for code, which is why integrating security there is invaluable: every change passes through it before it reaches a build or a deployment.

By implementing access control, encryption, code reviews, audit logging, branch protection and automated security scanning within the VCS, organizations can significantly strengthen their development pipelines, protecting the codebase from unauthorized access, vulnerabilities and other threats.
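Of the controls listed above, branch protection is the one that works differently in CodeCommit than in GitHub or GitLab: CodeCommit has no branch-protection settings, so it is expressed as an IAM policy using the codecommit:References condition key. The policy below is an added example, not taken from the post or from Prisma Cloud; the region, account ID, repository and branch names are placeholders. Attached to developer principals, it denies direct pushes, file edits, branch deletion and merges on the named branches, so changes reach them only through a pull request merged by a principal that does not carry this deny (for example a release role), and CodeCommit approval rule templates can require reviewer approvals before that merge.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDirectWritesToProtectedBranches",
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:DeleteBranch",
        "codecommit:PutFile",
        "codecommit:MergeBranchesByFastForward",
        "codecommit:MergeBranchesBySquash",
        "codecommit:MergeBranchesByThreeWay",
        "codecommit:MergePullRequestByFastForward",
        "codecommit:MergePullRequestBySquash",
        "codecommit:MergePullRequestByThreeWay"
      ],
      "Resource": "arn:aws:codecommit:us-east-1:111122223333:example-repo",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": ["refs/heads/main", "refs/heads/release"]
        },
        "Null": {
          "codecommit:References": "false"
        }
      }
    }
  ]
}
```

The Null condition matters: without it, a request that carries no reference at all (for example a call that is not branch-specific) would also match the Deny through StringEqualsIfExists, so the two conditions together restrict the deny to requests that name one of the protected branches. Pair it with CloudTrail, which records every CodeCommit API call including GitPush, to get the audit logging the list above asks for.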

Why Add Support for AWS CodeCommit?

AWS CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. It eliminates the need to manage your source control system or scale its infrastructure, allowing you to store anything from code to binaries. CodeCommit supports standard Git functionality, working seamlessly with your existing Git-based tools. Note that since July 2024 AWS no longer offers CodeCommit to new customers; existing customers can continue to use their repositories.

With CodeCommit, you benefit from a fully managed service hosted by AWS, offering high availability and durability without the administrative overhead of managing hardware or software. Your code is securely stored with encryption at rest and in transit. CodeCommit supports collaborative work on code through pull requests, notifications and more. It easily scales to meet your development needs, handling large repositories, numerous files and extensive revision histories.

CodeCommit integrates with other AWS and third-party services, enhancing your development lifecycle by keeping repositories close to your production resources. You can migrate files from other remote repositories and continue using familiar Git tools, supported by CodeCommit's Git and AWS CLI commands and APIs.

By integrating Prisma Cloud with your AWS CodeCommit VCS, you gain visibility into the repositories, configurations and pipelines that make up your AWS CodeCommit environment and can monitor them continuously.

Figure 1: AWS CodeCommit VCS Application Graph

New VCS Integration for Prisma Cloud

VCS integrations enable teams to identify infrastructure-as-code (IaC) misconfigurations, open-source vulnerabilities, license noncompliance, exposed secrets and CI/CD pipeline risks in AWS CodeCommit. By connecting Prisma Cloud to AWS CodeCommit, your team can contextualize, prioritize and mitigate issues as soon as they're detected, enhancing your organization's security posture.
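To make concrete what a VCS-side scan of a commit looks like, here is an added example with two of the check classes listed above, exposed secrets and IaC misconfigurations, written as simple hand-rolled checks. It is not Prisma Cloud code and does not reproduce its policies; the sample commit, file paths and the specific rules (an AWS access key ID or PEM private key in source, an S3 bucket without BucketEncryption, SSH open to the world in a security group) are constructed for illustration.

```python
"""Added example: scan the files changed in a commit for exposed secrets
and two IaC misconfigurations. Hand-written checks, not Prisma Cloud code;
the sample commit, paths and rules are constructed."""
import json
import re
import sys

# AWS long-term access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
AWS_ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# PEM private-key block header (RSA, EC, OpenSSH or unlabelled PKCS#8).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")


def find_secrets(path, text):
    """Return (path, line_no, category, message) for each secret-like line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if AWS_ACCESS_KEY_RE.search(line):
            findings.append((path, line_no, "SECRET", "AWS access key ID committed"))
        if PRIVATE_KEY_RE.search(line):
            findings.append((path, line_no, "SECRET", "private key committed"))
    return findings


def find_cfn_misconfigs(path, text):
    """Two checks over a JSON CloudFormation template: an S3 bucket with no
    BucketEncryption property, and a security group ingress rule exposing
    SSH (port 22) to 0.0.0.0/0 or ::/0. Non-JSON input is skipped."""
    try:
        template = json.loads(text)
    except ValueError:
        return []
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        props = resource.get("Properties", {})
        if rtype == "AWS::S3::Bucket" and "BucketEncryption" not in props:
            findings.append((path, name, "IAC", "S3 bucket without BucketEncryption"))
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
                # A FromPort of -1 (or an absent port, treated the same) means all ports.
                lo, hi = rule.get("FromPort", -1), rule.get("ToPort", -1)
                covers_ssh = lo == -1 or lo <= 22 <= hi
                if world and covers_ssh:
                    findings.append((path, name, "IAC", "SSH (22) open to the world"))
    return findings


def scan_changed_files(changed):
    """changed: {path: content}, as a hook or webhook handler would assemble it."""
    findings = []
    for path, text in changed.items():
        findings.extend(find_secrets(path, text))
        if path.endswith((".json", ".template")):
            findings.extend(find_cfn_misconfigs(path, text))
    return findings


# Constructed sample commit: one leaked key, one unencrypted bucket,
# one security group with SSH open to the world, plus a compliant bucket.
SAMPLE_TEMPLATE = {
    "Resources": {
        "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "logs"}},
        "DataBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        },
        "BastionSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]},
        },
    }
}
SAMPLE_COMMIT = {
    # AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation.
    "app/settings.py": "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\nDEBUG = False\n",
    "infra/stack.json": json.dumps(SAMPLE_TEMPLATE),
}

if __name__ == "__main__":
    # Hook-style behaviour: print each finding and exit non-zero to block the push.
    results = scan_changed_files(SAMPLE_COMMIT)
    for finding in results:
        print("%s:%s [%s] %s" % finding)
    sys.exit(1 if results else 0)
```

Run against the sample commit it reports three findings and exits 1. A real integration would post each finding as a pull request comment and fail the check, which is the guardrail behaviour the post describes; the scan logic itself is the part worth noticing, because it runs on the diff rather than on a deployed account.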

Figure 2: Prisma Cloud and AWS CodeCommit integration flow

Prisma Cloud Developer Integrations

Developers hold the keys to the success of your shift-left and AppSec initiatives. Security integrated into development is far better (and less expensive) than a patch slapped on later. Integrations, however, aren't always developer-friendly, which can leave the ever-promising shift-left strategy underutilized.

Prisma Cloud, on the other hand, offers visibility and policy controls that enable engineering teams to secure their full stack without ever leaving their tools.

Prisma Cloud embeds comprehensive security across the software development cycle. The Code to Cloud platform identifies vulnerabilities, misconfigurations, compliance violations and exposed secrets early in the development lifecycle. With scanning support for IaC templates, container images, open-source packages, secrets and delivery pipelines, Prisma Cloud provides AppSec backed by the open-source community and years of expertise and threat research. While security teams ensure that all deployed code is secure, developers are empowered to deliver secure code.

Involving developers in remediation is the fastest way to get things fixed, and Prisma Cloud provides feedback directly in DevOps tools, including IDEs, CI tools and VCS. It integrates with these tools to offer feedback and guardrails throughout the development lifecycle and creates VCS comments on new pull requests for identified security issues, making it easier to find and fix them.

Learn More

If you’d like to learn more about how to shift left with Prisma Cloud, join an upcoming shift-left bootcamp.
