[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) 3. [CI CD Security](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security?ts=markdown) 4. [What Is Cloud Software Supply Chain Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-software-supply-chain-security?ts=markdown) Table of contents * [What Is CI/CD Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security?ts=markdown) * [CI/CD Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security#security?ts=markdown) * [Why CI/CD Security Is Critical](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security#critical?ts=markdown) * [CI/CD Security Threats](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security#threats?ts=markdown) * [Securing the CI/CD Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security#securing?ts=markdown) * [CI/CD Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security#practices?ts=markdown) * [CI/CD Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security#faqs?ts=markdown) * [What Is Insecure System Configuration?](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7?ts=markdown) * [CICD-SEC-7: Insecure System Configuration Explained](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#insecure?ts=markdown) * [Importance of Secure System Configuration in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#importance?ts=markdown) * [Preventing Insecure System Configuration in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#preventing?ts=markdown) * [Industry Standards for System Configuration Security](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#standards?ts=markdown) * [Insecure System Configuration FAQs](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7#faqs?ts=markdown) * [What Is Shift Left Security?](https://www.paloaltonetworks.com/cyberpedia/shift-left-security?ts=markdown) * [Shift Left Security: A Developer-Centric Reality Check](https://www.paloaltonetworks.com/cyberpedia/shift-left-security#shift?ts=markdown) * [Core Principles of Shift Left Security](https://www.paloaltonetworks.com/cyberpedia/shift-left-security#core?ts=markdown) * [What Shift Left Looks Like in Practice](https://www.paloaltonetworks.com/cyberpedia/shift-left-security#practice?ts=markdown) * [What Secure Looks Like Now](https://www.paloaltonetworks.com/cyberpedia/shift-left-security#secure?ts=markdown) * [Shift Left Security FAQS](https://www.paloaltonetworks.com/cyberpedia/shift-left-security#faqs?ts=markdown) * [What Is DevOps?](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) * [DevOps Is Not](https://www.paloaltonetworks.com/cyberpedia/what-is-devops#devops?ts=markdown) * [DevOps Defined](https://www.paloaltonetworks.com/cyberpedia/what-is-devops#defined?ts=markdown) * [CI/CD Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-devops#cicd?ts=markdown) * [DevOps and Security](https://www.paloaltonetworks.com/cyberpedia/what-is-devops#security?ts=markdown) * [DevOps FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-devops#faqs?ts=markdown) * [What Is Executive Order 14028?](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028?ts=markdown) * [What's the Purpose of EO 14028?](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028#what?ts=markdown) * [NIST's Responsibilities Under Executive Order 14028](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028#nist?ts=markdown) * [A Platform Approach to Securing Software Development](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028#platform?ts=markdown) * [Tracing Vulnerabilities Through SBOMs](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028#tracing?ts=markdown) * [Improving Software Supply Chain Security](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028#improving?ts=markdown) * [Federal EO 14028 FAQs](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028#faqs?ts=markdown) * What Is Cloud Software Supply Chain Security? * [What is DevSecOps?](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown) * [What is DevSecOps?](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#what?ts=markdown) * [DevSecOps vs DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#devsecops?ts=markdown) * [Why DevSecOps Practices Are Important](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#why?ts=markdown) * [Five Guidelines to DevSecOps Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#five?ts=markdown) * [Finding the Best DevSecOps Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#finding?ts=markdown) * [The Best of DevSecOps: Trends in Cloud Native Security Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#the?ts=markdown) * [DevSecOps FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops#faqs?ts=markdown) * [What Is Insufficient Flow Control Mechanisms?](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1?ts=markdown) * [CICD-SEC-1: Insufficient Flow Control Mechanisms Explained](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1#insufficient-flow-control-mechanism?ts=markdown) * [Importance of Robust Flow Control Mechanisms in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1#importance?ts=markdown) * [Preventing Insufficiency in Flow Control Mechanisms](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1#preventing-insufficiency-in-flow-control-mechanism?ts=markdown) * [Best Practices to Ensure Sufficient Flow Control in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1#best-practices?ts=markdown) * [The Impact of New Technologies on Flow Control](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1#impact?ts=markdown) * [Insufficient Flow Control Mechanisms FAQs](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1#faq?ts=markdown) * [What Is Poisoned Pipeline Execution (PPE)?](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4?ts=markdown) * [CICD-SEC-4: Poisoned Pipeline Execution Explained](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4#pipeline?ts=markdown) * [Importance of Secure Pipeline Execution in CI/CD](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4#importance?ts=markdown) * [Preventing Poisoned Pipeline Execution](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4#poisoned?ts=markdown) * [Poisoned Pipeline Execution FAQs](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4#faqs?ts=markdown) * [What Is the CI/CD Pipeline?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) * [CI/CD Pipeline Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-pipeline?ts=markdown) * [How CI/CD Works: A Day in the Life of the Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#how-ci-cd-works?ts=markdown) * [Stages of a CI/CD Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#stages-of-a-ci-cd-pipeline?ts=markdown) * [Types of CI/CD Pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#types-of-ci-cd-pipelines?ts=markdown) * [CI/CD in the Cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-in-the-cloud?ts=markdown) * [CI/CD Pipeline Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#best-practices?ts=markdown) * [CI/CD Pipeline KPIs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-pipeline-kpis?ts=markdown) * [CI/CD Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-tools?ts=markdown) * [Security in CI/CD](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#security-in-ci-cd?ts=markdown) * [CI/CD Trends on the Horizon](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#ci-cd-trends-on-the-horizon?ts=markdown) * [CI/CD Pipeline FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security#faq?ts=markdown) * [What Is Ungoverned Usage of Third-Party Services?](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8?ts=markdown) * [CICD-SEC-8: Ungoverned Usage of Third-Party Services Explained](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8#ungoverned?ts=markdown) * [Importance of Governing Third-Party Services in CI/CD](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8#importance?ts=markdown) * [Preventing Ungoverned Usage of Third-Party Services](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8#preventing?ts=markdown) * [Industry Standards for Governing Third-Party Services](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8#industry?ts=markdown) * [Ungoverned Usage of Third-Party Services FAQs](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8#faqs?ts=markdown) * [What Is Insufficient Pipeline-Based Access Controls?](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5?ts=markdown) * [CICD-SEC-5: Insufficient Pipeline-Based Access Controls Explained](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5#insufficient?ts=markdown) * [Importance of Pipeline-Based Access Controls in CI/CD](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5#importance?ts=markdown) * [Preventing Insufficiency in Pipeline-Based Access Controls](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5#preventing?ts=markdown) * [Industry Standards for Pipeline-Based Access Controls](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5#industry?ts=markdown) * [Insufficient Pipeline-Based Access Controls FAQs](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5#faqs?ts=markdown) * [What Is Insufficient Logging and Visibility?](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10?ts=markdown) * [CICD-SEC-10: Insufficient Logging and Visibility Explained](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10#insufficient?ts=markdown) * [Importance of Sufficient Logging and Visibility in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10#importance?ts=markdown) * [Preventing Insufficiency in Logging and Visibility](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10#preventing?ts=markdown) * [Industry Standards for Logging and Visibility in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10#standards?ts=markdown) * [Insufficient Logging and Visibility FAQs](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10#faqs?ts=markdown) * [What Is Insufficient Credential Hygiene?](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6?ts=markdown) * [CICD-SEC-6: Insufficient Credential Hygiene Explained](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6#insufficient-credential-hygiene-explained?ts=markdown) * [Importance of Credential Hygiene in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6#importance?ts=markdown) * [Preventing Insufficiency in Credential Hygiene](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6#preventing?ts=markdown) * [Industry Standards for Credential Hygiene in CI/CD](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6#industry-standards?ts=markdown) * [Insufficient Credential Hygiene FAQs](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6#faq?ts=markdown) * [What Is Inadequate Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2?ts=markdown) * [CICD-SEC-2: Inadequate Identity and Access Management Explained](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#inadequate-identity?ts=markdown) * [Importance of Identity and Access Management in CI/CD](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#importance?ts=markdown) * [Preventing Inadequacy in Identity and Access Management](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#preventing-inadequacy?ts=markdown) * [Best Practices for IAM in CI/CD](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#best-practices?ts=markdown) * [Inadequate Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2#faq?ts=markdown) * [What Is Improper Artifact Integrity Validation?](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9?ts=markdown) * [CICD-SEC-9: Improper Artifact Integrity Validation Explained](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#artifact?ts=markdown) * [Importance of Artifact Integrity Validation in CI/CD](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#importance?ts=markdown) * [Preventing Improper Artifact Integrity Validation](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#improper?ts=markdown) * [Industry Practices to Promote Artifact Integrity in CI/CD](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#promote?ts=markdown) * [Improper Artifact Integrity Validation FAQs](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9#faqs?ts=markdown) * [What Is Dependency Chain Abuse?](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3?ts=markdown) * [CICD-SEC-3: Dependency Chain Abuse Explained](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#cicd-sec?ts=markdown) * [Importance of Secure Dependency Chains in CI/CD](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#importance?ts=markdown) * [Identifying Signs of Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#identifying-signs?ts=markdown) * [Preventing Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#preventing?ts=markdown) * [Additional Practices for Dependency Chain Security](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#additional-practices?ts=markdown) * [Dependency Chain Abuse FAQs](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3#faq?ts=markdown) * [Anatomy of a Cloud Supply Pipeline Attack](https://www.paloaltonetworks.com/cyberpedia/anatomy-ci-cd-pipeline-attack?ts=markdown) # What Is Cloud Software Supply Chain Security? 5 min. read [AppSec's New Horizon: A Virtual Event](https://start.paloaltonetworks.com/appsecs-new-horizon-virtual-event.html) Cloud software supply chains are tuned to deliver code to production faster than ever. Open source [infrastructure as code](https://www.paloaltonetworks.com/cyberpedia/what-is-iac) (IaC) templates, code libraries and [container images](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container) provide a head start during development to create new features and tools. [DevOps pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security) automate away many of the manual tasks of traditional supply chains. They take code from the developer's laptop to production, all without manual intervention. This opens many organizations' software supply chains to being prime targets for attacks. If infiltrated, software supply chains provide direct access to privileged credentials, proprietary codebases, sensitive data, infrastructure for cryptomining, ransomware and more. That is why supply chain security is so important for cloud software. ## Attacks on Cloud Supply Chains There are a variety of [types of software supply chain attacks](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research-2h21). Typically they come down to either insecure components of an application or attacking the pipelines that store and deliver code. All of them open organizations to high-profile breaches. Insecure components can be either through negligence or intentional. Code components sourced from both open source and proprietary sources can contain vulnerabilities and misconfigurations. These security issues are not malicious, but using old code or insecure defaults can expose an application to attack. Some insecure components, however, are malicious. Bad actors can attempt to add malware to code libraries or [poison containers to contain malware](https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/). At runtime, bad actors can attempt to modify a container or cloud infrastructure to drift away from its code definition. Other cloud software supply chains compromises target the pipelines that deliver code. Insecure version control systems without branch or login protections can allow for malicious code to be committed to a repository. Insecure [continuous integration/continuous deployment (CI/CD) pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) can unintentionally execute any code that runs through them, exposing secrets or allowing for data exfiltration. Once inside a pipeline or its components, bad actors will attempt to pivot to more valuable targets. Overly permissive accounts and unprotected networks make this much easier. All of these software supply chain risks can be mitigated with proper security. ## Cloud Software Supply Chain Security Supply chain security leverages DevSecOps to protect against these attacks. It begins with the [discovery of all components](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management-for-third-party-and-supply-chain-security), visibility into the components of a supply chain, and then securing the components of cloud native application and infrastructure throughout the development lifecycle. ### Secure Components Modern applications consist of proprietary code, code libraries, images and IaC, such as Terraform and Kubernetes manifests. Discovery and inventory of these components can be centralized utilizing software bills of material (SBOMs). [Securing IaC](https://www.paloaltonetworks.com/blog/prisma-cloud/prisma-bridgecrew-infrastructure-security/) sets a baseline posture for the infrastructure that the application runs in. IaC templates like Terraform, CloudFormation, ARM, and Kubernetes manifests are by default insecure. Finding and fixing misconfigurations in IaC makes it more difficult to attack an application and lowers the blast radius for successful attacks. Images must also be [scanned for vulnerabilities](https://www.paloaltonetworks.com/blog/prisma-cloud/what-is-container-scanning-a-top-requirement-for-container-security/) and misconfigurations, such as exposing port 22. If an image is from an unknown source, it's also important to test that image in an image sandbox scanner to expose malware. This should be performed locally, in repositories after building images, in registries and continuously at runtime. Further, it's important to check the trustworthiness of an image by only allowing trusted images from trusted sources, to avoid image poisoning attacks. Open source code libraries need to be vetted for vulnerabilities and upgraded or patched when vulnerabilities are discovered. This can be done locally or in repositories. Once these controls are put in place, the next step is to secure the pipeline that deploys them. ### Secure Pipelines Increasingly, pipelines are becoming targets for attacks. Securing pipelines means every part of the software development process must be hardened. This includes VCS settings, CI/CD configurations and the infrastructure they run on. Version control systems (VCS) have branch protection and secure login capabilities, but they are not on by default. Ensure that repositories do not allow code to be committed without a human review. Additionally, do not allow logins without MFA or any network events without TLS turned on. CI/CD pipelines also need to be hardened. By default, they often allow the execution of code to run tests. This can lead to exposing credentials if a bad actor checks in an update to a pipeline that exfiltrates the secret. It also can lead to code tampering. Lock down CI/CD pipelines to not run all code on all branches. Pipelines also run on infrastructure and include credentials to spin up test environments. That infrastructure should be vetted like production infrastructure. Credentials should only allow the minimum access required to run tests and deploy updates, with a separation of duties between those two tasks. Finally, in each of these layers, secrets can inadvertently be exposed. Secrets can accidentally be included in IaC templates or CI/CD pipelines. Ensure no secrets get added to a repository except through an encrypted vault. ## Secure Cloud Software Supply Chain Throughout the Development Lifecycle Begin your [cloud native software supply chain security](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security) journey by starting with visibility into your code to cloud resources. Related Content [ASPM Buyer's Guide Gain a comprehensive framework for evaluating and choosing an ASPM solution that shifts your AppSec strategy from reactive to proactive.](https://start.paloaltonetworks.com/application-security-posture-management-buyers-guide.html) [Accelerate Secure Development with Prevention-First Application Security Posture Management (ASPM) Learn how Cortex Cloud's ASPM centralizes and correlates findings from disparate security scanning tools with complete context across code, application infrastructure, and cloud ru...](https://www.paloaltonetworks.com/resources/datasheets/application-security-posture-management-solution-brief?ts=markdown) [Introducing Cortex Cloud ASPM Cortex Cloud ASPM gives security and engineering teams the control to prevent exploitable risk early and respond with full context across the software lifecycle.](https://www.paloaltonetworks.com/blog/cloud-security/introducing-aspm-cortex-cloud/?ts=markdown) [AppSec's New Horizon Join this virtual event to get a practical, prevention-first blueprint --- backed by new Unit 42 research --- to modernize your AppSec strategy.](https://start.paloaltonetworks.com/appsecs-new-horizon-virtual-event.html) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Cloud%20Software%20Supply%20Chain%20Security%3F&body=Explore%20how%20cloud%20software%20supply%20chains%20accelerate%20development%20with%20open-source%20IaC%20templates%2C%20code%20libraries%2C%20and%20container%20images%20for%20faster%20deployments.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-cloud-software-supply-chain-security) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/executive-order-14028?ts=markdown) What Is Executive Order 14028? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops?ts=markdown) What is DevSecOps? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language