paloaltonetworks / prisma-cloud-compute-sample-code

Example scripts, snippets, and other documents related to Prisma Cloud Compute

Home Page: https://www.paloaltonetworks.com/prisma/cloud

License: Apache License 2.0

PowerShell 3.02% Shell 12.97% Python 21.17% HTML 21.02% CSS 1.47% Jinja 1.70% Open Policy Agent 37.95% Dockerfile 0.69%
prisma-cloud-compute-edition samples examples twistlock prisma-cloud

prisma-cloud-compute-sample-code's Introduction

Prisma Cloud Compute Sample Code


IMPORTANT: Please see SUPPORT.md for the official support policy for the contents of this repository.


The new home for Twistlock Sample Code!

This repository has code samples that focus on automation and enhancing usability. If you have something that fits in and you think may be useful to others, we encourage you to contribute!

A few of our projects have outgrown a repository for "sample code", so please check out their dedicated repositories below.

Active projects in other repositories

  • GitHub Action - Scan images as they're built in your GitHub workflow and display results directly in your repository.
  • Operator - Automatically deploy and set up Console and Defenders in any Kubernetes or OpenShift cluster.
  • Splunk app for incidents and forensics - Fetch runtime incidents and their forensic data and display the information in a Splunk dashboard.
  • Terraform provider - Fit the management of collections, policies, and more into your GitOps workflows.

Support

Please read SUPPORT.md for details on how to get support for this project.

prisma-cloud-compute-sample-code's People

Contributors

dependabot[bot], kyle9021, ngarg-panw, pranayss, sgordon46, sullivan1337, tmprender, wfg, yuvalavra

prisma-cloud-compute-sample-code's Issues

twistcli output schema for GitLab CI/CD

Is your feature request related to a problem?

My organization is both a GitLab Ultimate and Prisma Cloud Compute customer. We are attempting to integrate Prisma Container Scans with the GitLab Container Scanning widget; however, it requires a specific JSON schema in order for reports to be ingested.

Describe the solution you'd like

It would be ideal if twistcli was able to generate a JSON output that adhered to the GitLab Ultimate Container Scanning Report Schema.

Describe alternatives you've considered

Writing custom code that will convert from the source twistcli JSON to the destination GitLab schema for report ingestion.

Additional context

https://docs.gitlab.com/ee/development/integrations/secure.html#report
https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/de53e7e533e012fefa1b937c2661091adbae8209/dist/container-scanning-report-format.json

running twistcli from a container securely

Is your feature request related to a problem?

We are building containers, and the containers need to be scanned for CVEs. We chose twistlock to do the job. We use GitLab, and the gitlab-runners are running as containers on a shared Kubernetes infra where running privileged containers is disallowed.

As mentioned in the sample code here, cicd/gitlab/.gitlab-ci.yml, you need to depend on a dind (docker-in-docker) container to run twistcli, as twistcli requires a docker socket to scan the container image.
This is an insecure way of running a container, and in our production environments we are disallowed from running privileged containers. I explored a few solutions but cannot seem to find any alternatives.

Describe the solution you'd like

twistcli must be run from a container without the need for the container to be running in privileged mode.

Describe alternatives you've considered

As of now, I have to set up a standalone virtual machine, install docker on it, configure a gitlab-runner there, and set up a shell executor to execute twistcli remotely on this agent host.

Additional context

Can we help run twistlock from a container securely, as the docker:dind or docker:dood alternatives are not secure?

[Community Health Assessment] Changes needed

Health check: pass score

  • Contains a meaningful README.md file: 20 / 20
  • SUPPORT.md file exists: 20 / 20
  • Repo has a description: 15 / 15
  • Has a recognized open source license: 15 / 15
  • Has a descriptive repo name: 15 / 15
  • Required topics attached to repo: 15 / 15
  • CONTRIBUTING.md file with contribution guidelines: 0 / 5
  • Has custom issue and pull request templates: 0 / 5

Current score: 100
Target threshold: 100
Total possible: 110
