
# prisma_cloud/devops_security

This orb is a wrapper for the Prisma Cloud IaC Scan and Prisma Cloud Compute scanning tools from Palo Alto Networks. Prisma Cloud IaC Scan identifies insecure configurations in common Infrastructure-as-Code (IaC) templates, for example AWS CloudFormation templates, HashiCorp Terraform templates, and Kubernetes app deployment YAML files. Prisma Cloud Compute TwistCLI Scan can be used to identify vulnerabilities in container images. More details about the functionality can be found here: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-devops-security.html


## Commands

### scan_image

Pack the IaC templates repo, then send it to Prisma Cloud for evaluation


| Parameter | Type | Default | Description |
|---|---|---|---|
| `image` | string |  | (deprecated) use prisma_cloud_scan_image |
| `prisma_cloud_compute_pass` | env_var_name | prisma_cloud_compute_pass | (deprecated) use prisma_cloud_compute_password |
| `prisma_cloud_compute_password` | env_var_name | prisma_cloud_compute_password | The Prisma Cloud Compute user's password |
| `prisma_cloud_compute_project` | string |  | The Prisma Cloud Compute project name |
| `prisma_cloud_compute_url` | string | $prisma_cloud_compute_url | The base URL for the Prisma Cloud compute |
| `prisma_cloud_compute_user` | string | $prisma_cloud_compute_user | (deprecated) use prisma_cloud_compute_username |
| `prisma_cloud_compute_username` | string | $prisma_cloud_compute_username | The Prisma Cloud Compute user with the CI User role |
| `prisma_cloud_scan_image` | string |  | The name of the image to scan -- myimage or myorg/myimage or myorg/myimage:latest |
| `reports` | string | junit | Scan report formats |

## Jobs

### scan_iac

Pack the IaC templates repo, then send it to Prisma Cloud for evaluation


| Parameter | Type | Default | Description |
|---|---|---|---|
| `access_key` | string | $prisma_cloud_access_key | (deprecated) use prisma_cloud_access_key |
| `failure_criteria_low_severity` | integer | 1 | (deprecated) use prisma_cloud_failure_criteria |
| `failure_criteria_medium_severity` | integer | 1 | (deprecated) use prisma_cloud_failure_criteria |
| `failure_criteria_operator` | string | OR | (deprecated) use prisma_cloud_failure_criteria |
| `faiure_criteria_high_severity` | integer | 1 | (deprecated) use prisma_cloud_failure_criteria |
| `prisma_cloud_access_key` | string |  | Prisma Cloud Access Key |
| `prisma_cloud_api_url` | string | $prisma_cloud_api_url | Prisma Cloud Server Url |
| `prisma_cloud_asset_name` | string |  | IaC templates asset name |
| `prisma_cloud_failure_criteria` | string |  |  |
| `prisma_cloud_repo_dir` | string |  | Directory path where IaC templates are stored. |
| `prisma_cloud_secret_key` | env_var_name | na | Prisma Cloud Secret Key |
| `prisma_cloud_tags` | string |  | Provide the Tags for the repo. |
| `reports` | string | junit | Scan report formats |
| `secret_key` | env_var_name | prisma_cloud_secret_key | (deprecated) use prisma_cloud_secret_key |
| `tags` | string |  | (deprecated) use prisma_cloud_tags |
| `templates_directory_path` | string | . | (deprecated) use prisma_cloud_repo_dir |

## Executors

### compute

This is a compute executor using a Linux machine that has Docker host access.


### default

This is a default executor using Docker and Node.


## Examples

### scan_iac

Trigger an IaC scan for all the template files under the ./scan folder with Prisma Cloud Shift Left security


```yaml
orbs:
  pcs: prisma_cloud/devops_security@3.0.0
version: 2.1
workflows:
  scan:
    jobs:
      - pcs/scan_iac:
          prisma_cloud_access_key: $prisma_cloud_access_key
          prisma_cloud_api_url: $prisma_cloud_api_url
          prisma_cloud_asset_name: $CIRCLE_PROJECT_REPONAME
          prisma_cloud_failure_criteria: High:1, Medium:1, Low:1, Operator:OR
          prisma_cloud_repo_dir: ./scan
          prisma_cloud_secret_key: prisma_cloud_secret_key
          prisma_cloud_tags: env:development, team:DevOps
```

### scan_image

Trigger an IaC scan for all the template files under the ./scan folder with Prisma Cloud Shift Left security


```yaml
jobs:
  docker_safe_build:
    executor: pcs/compute
    steps:
      - checkout
      - run: docker pull nginx
      - pcs/scan_image:
          prisma_cloud_compute_password: prisma_cloud_compute_password
          prisma_cloud_compute_url: $prisma_cloud_compute_url
          prisma_cloud_compute_username: $prisma_cloud_compute_username
          prisma_cloud_scan_image: nginx
orbs:
  pcs: prisma_cloud/devops_security@3.0.0
version: 2.1
workflows:
  scan:
    jobs:
      - docker_safe_build
```
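
A small pre-merge check for pipelines that use this orb, added here as an example (it is not part of the orb or its documentation): it flags the deprecated parameters listed in the tables above, and values given to `env_var_name` parameters that are not a bare variable name. The line-based parsing, the name `lint` and the sample fragment are assumptions made for the example; it expects the orb to be invoked as a `- <alias>/scan_iac:` or `- <alias>/scan_image:` list item and returns `(line_no, parameter, message)` tuples.

```python
import re
# Deprecated parameter -> replacement, from the parameter tables on this page.
DEPRECATED = {
    "image": "prisma_cloud_scan_image",
    "prisma_cloud_compute_pass": "prisma_cloud_compute_password",
    "prisma_cloud_compute_user": "prisma_cloud_compute_username",
    "access_key": "prisma_cloud_access_key",
    "secret_key": "prisma_cloud_secret_key",
    "tags": "prisma_cloud_tags",
    "templates_directory_path": "prisma_cloud_repo_dir",
}
for old in ("failure_criteria_low_severity", "failure_criteria_medium_severity",
            "failure_criteria_operator", "faiure_criteria_high_severity"):  # sic
    DEPRECATED[old] = "prisma_cloud_failure_criteria"
# Parameters typed env_var_name take the variable's NAME, not "$name" or a secret.
ENV_VAR_NAME = {"prisma_cloud_compute_pass", "prisma_cloud_compute_password",
                "prisma_cloud_secret_key", "secret_key"}
STEP = re.compile(r"^\s*-\s+[\w-]+/(scan_iac|scan_image):\s*$")
PARAM = re.compile(r"^\s*([A-Za-z_]\w*):\s*(.*?)\s*$")
NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def lint(config_text):  # -> [(line_no, parameter, message)]
    findings, step_indent, param_indent = [], None, None
    for n, line in enumerate(config_text.splitlines(), 1):
        indent, p = len(line) - len(line.lstrip()), PARAM.match(line)
        if STEP.match(line):
            step_indent, param_indent = indent, None   # entering an orb step
        elif step_indent is None or not line.strip() or line.lstrip().startswith("#"):
            continue
        elif indent <= step_indent:
            step_indent = None                         # left the parameter block
        elif p and indent == (param_indent := param_indent or indent):
            key, value = p.group(1), p.group(2).strip("'\"")
            if key in DEPRECATED:
                findings.append((n, key, "deprecated, use " + DEPRECATED[key]))
            if key in ENV_VAR_NAME and not NAME.match(value):
                findings.append((n, key, "expects an environment variable name"))
    return findings

# Constructed workflow fragment; the nested filters/tags key is not an orb parameter.
SAMPLE = """\
jobs:
  - pcs/scan_iac:
      access_key: $prisma_cloud_access_key
      prisma_cloud_secret_key: $prisma_cloud_secret_key
      filters:
        tags:
          only: /.*/
"""
```

Only the direct parameters of the orb step are checked, so CircleCI's own nested keys such as `filters: tags:` are not reported as the deprecated `tags` parameter.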