Cloud Supply Chain Protection from Palo Alto
Palo Alto has introduced the industry’s first runtime context-aware software composition analysis (SCA) system that helps developers identify open-source software components that are safe to use and will be integrated with Prisma Cloud.
Software supply chain attacks are a growing problem that affected/affects more organizations. Most detection systems are standalone products that spot risks too late in the application development process and only look for vulnerabilities and indirect dependencies. Also increases the risk of vulnerability backlogs and remediation costs.
Prisma Cloud SCA enables developers and security teams to find known vulnerabilities during the application development lifecycle and set remediation priorities based on software components that are in use.
This suite has the below capabilities
- Development lifecycle protection
- real-time and contextual analysis of cloud environments
- Zeroday protection
- CI/CD pipeline
The vulnerability database is built from trusted Palo Alto Networks’ Unit 42 research arm, In addition to scanning for vulnerabilities, the software looks for open-source packages with overly restrictive licenses and combines SCA findings with infrastructure-as-code analysis to spot vulnerabilities embedded in container dependencies.
There are multiple ways to integrate the scanner into the development process, including a command line interface that can be used to scan repositories locally and plugins are available for integrated development environments.
Prisma Cloud is also being enhanced with SBOM capabilities to enable developers to maintain and reference a complete codebase inventory of every application component used across cloud environments
Below are the other features.
- Dashboard to prioritize risk remediation,
- Unified misconfiguration, for determining the contextual risk of cloud assets
- Fine-grained and consistent management of least-privilege access