The attack surface of cloud-native applications continues to grow as adversaries look to exploit misconfigurations and vulnerabilities throughout the application life cycle. In response, the industry has turned to Cloud Native Application Protection Platforms (CNAPPs) to unify multiple disparate security capabilities and protect applications from code to cloud. With the introduction of CI/CD security, Palo Alto Networks, through Prisma Cloud, is thought to be the first CNAPP to extend security into the software delivery pipeline.
Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks, said: “A major challenge in securing CI/CD pipelines is visibility. The myriad of third-party tools and applications running in development environments makes it almost impossible for security teams to determine if they are correctly configured. The integration of Cider’s capabilities secures the CI/CD environment and gives Prisma Cloud customers the ability to analyse individual tools, visualise how they interact with applications and each other, and identify and remediate risks.”
Daniel Krivelevich, CTO of Application Security, Prisma Cloud, Palo Alto Networks and former co-founder of Cider Security, said: “The only way to prevent insecure code from reaching production is to scan every code artifact, dependency, and ensure the delivery pipeline is effectively protected. Integrating Cider’s technology with Prisma Cloud strengthens the platform’s ability to help secure organizations’ entire engineering ecosystem, ensuring only what is intended is pushed to production.”
CI/CD Security is the eleventh module integrated into the robust Palo Alto Networks cloud security platform, making Prisma Cloud the most comprehensive CNAPP platform to seamlessly protect the entire application lifecycle — from code through deployment to runtime. The new module is derived from Cider Security's cutting-edge capabilities that help organisations "shift security left" to prevent threats and vulnerabilities before applications are deployed into production environments.