Prisma Cloud is a Cloud Native Application Protection Platform (CNAPP). One of its modules is Cloud Workload Protection (CWP), which can be used for:
- Vulnerability Management
- Compliance Management
- Runtime Protection
- Web Application and API security
- Open Policy Admission
- Embedding security into DevOps pipelines
- Several other use-cases!

You can find out more about Prisma Cloud here.

This demo uses a Jenkins build server to run a pipeline which:
- Clones this repository
- Downloads the latest Prisma Cloud "twistcli" tool
- Scans a Terraform plan (IaC) to deploy a Lambda function in AWS (Prisma Cloud Security Scanning)
- Scans the serverless function itself for vulnerable third-party dependencies (Prisma Cloud Security Scanning)
- Deploys the serverless function into AWS using Terraform
- Scans a Dockerfile for security misconfigurations (Prisma Cloud Security Scanning)
- Builds the custom nginx container image
- Scans the built container image for security misconfigurations (Prisma Cloud Security Scanning)
- Pushes the built container to Docker Hub
- Scans the Kubernetes manifest for security misconfigurations (Prisma Cloud Security Scanning)
- Finally, deploys the application to a k8s cluster
