Palo Alto Networks, provider of an enterprise cybersecurity platform, announced Prisma Cloud Supply Chain Security. This release works to provide a complete view of where potential vulnerabilities or misconfigurations exist in a software supply chain, enabling organizations to trace and fix them easily.
With Supply Chain Security, Prisma Cloud provides users with full lifecycle visibility and protection as well as the context needed to find where a vulnerability fits into the layers of the cloud architecture.
With this release, organizations will be able to identify vulnerabilities and misconfigurations in open-source packages, infrastructure as code files, and delivery pipelines, such as version control systems and CI pipeline configurations.
Prisma Cloud Supply Chain Security brings users several new features, including auto-discovery to extract and model code assets, graph visualization to keep inventory of important application and infrastructure asset dependencies, and supply chain code fix to remediate vulnerable dependencies or misconfigured infrastructure as code resources using a single pull request.
Additionally, with this release organizations can identify and solve vulnerabilities in open-source packages in application code using code repository scanning and extend policy-as-code to harden version control systems and CI/CD configurations in order to prevent attacks.
“Every day new vulnerabilities are found in open source and other software components that have previously been integrated into the organization’s software code. Without the proper tools, it is very difficult for organizations to quickly spot where they have used the unpatched versions of these components,” said Ankur Shah, senior vice president of Prisma Cloud products. “Prisma Cloud is designed to help protect organizations from code to cloud; and now that customers can visualize their software supply chain, it’s easier to spot, prioritize, and remediate security weaknesses at the onset of development and during delivery pipelines.”
This release allows organizations to better assess the attack surface of their delivery pipelines as well as all connected application and infrastructure resources, leading to better overall protection. Supply Chain Security is now available in both Prisma Cloud and Bridgecrew by Prisma Cloud.