1. Overview

Both twistcli and the Jenkins plugin can evaluate package dependencies in your code repositories for vulnerabilities.

The runtimes supported are:

  • Go

  • Java

  • Node.js

  • Python

  • Ruby

2. Integrate code scanning into CI builds

Point the Jenkins plugin to your code repo in the build directory.

  1. In your Jenkins job configuration, click Add build step, and select Scan Prisma Cloud Code Repositories.

  2. Configure the repo scan.

    (Screenshot: code repo scanning configuration)
    1. In Repository Name, specify the name to be used when reporting the results in Console.

    2. In Repository path, specify the path to the repo in the build directory.

      For example, it could be the current working directory (.) or a path relative to the build directory.

  3. Click Save, and then execute a build job.

    To see the scan results, log into Console, and go to Monitor > Vulnerabilities > Code repositories > CI. Prisma Cloud evaluates the contents of the repo according to the policy you’ve specified in Defend Vulnerabilities > Code repositories > CI. Prisma Cloud ships with a single default rule that alerts on all vulnerabilities.

    (Screenshot: code repo scanning results in Console)

3. Use twistcli to scan repos in the CI

If you’re using a CI tool other than Jenkins, Prisma Cloud ships a command line utility that can be invoked from the shell in the build pipeline.

For more information, see code repo scanning with twistcli.
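The following is an added example of such a shell step, not code from the Prisma Cloud documentation or the twistcli project. It wraps the scan in a function that returns twistcli's exit status so that a failed scan fails the build, refuses to run without credentials, and takes those credentials from environment variables so the CI secret store can inject them. The `twistcli coderepo scan` subcommand and its `--address`, `--user`, `--password` and `--repository` flags are assumed from the twistcli documentation rather than taken from this page; check the linked twistcli page for the exact syntax of your release. The Console address, user and repository name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the Prisma Cloud docs or the twistcli project): a CI
# step that runs a twistcli code-repository scan and fails the build when the
# scan fails. Assumed, not taken from this page: the "twistcli coderepo scan"
# subcommand and its --address/--user/--password/--repository flags, and that
# the CI system injects Console credentials as environment variables.
set -eu

# Path to the twistcli binary downloaded from Console; override via $TWISTCLI.
TWISTCLI="${TWISTCLI:-./twistcli}"

# scan_repo NAME PATH
#   NAME - repository name shown in Console under
#          Monitor > Vulnerabilities > Code repositories > CI
#   PATH - repo path in the build directory, e.g. "."
# Returns twistcli's exit status, so "set -e" in the pipeline step aborts the
# build when the scan fails or the Console policy blocks the repo.
scan_repo() {
  name="$1"
  path="$2"
  # Fail early with a clear message rather than sending an empty credential.
  : "${PRISMA_CONSOLE_URL:?set PRISMA_CONSOLE_URL to the Console address}"
  : "${PRISMA_USER:?set PRISMA_USER}"
  : "${PRISMA_PASSWORD:?set PRISMA_PASSWORD from the CI secret store, not a literal}"
  if [ ! -d "$path" ]; then
    echo "scan_repo: '$path' is not a directory" >&2
    return 2
  fi
  "$TWISTCLI" coderepo scan \
    --address "$PRISMA_CONSOLE_URL" \
    --user "$PRISMA_USER" \
    --password "$PRISMA_PASSWORD" \
    --repository "$name" \
    "$path"
}

# Run directly as: scan.sh <repo-name> <repo-path>
if [ "$#" -eq 2 ]; then
  scan_repo "$1" "$2"
fi
```

Because the password is passed as a command-line argument, it is visible to other processes on the build agent for the duration of the scan; run the step on a dedicated agent or in a container, mask the variable in the CI job's log settings, and use a Console user whose role is limited to scanning.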