The Prisma Cloud plugin for JetBrains leverages the capabilities of Prisma Cloud Code Security, a static code analysis tool designed specifically to scan code for Infrastructure-as-Code (IaC) misconfigurations, Software Composition Analysis (SCA) issues and Secrets vulnerabilities.
By integrating the Prisma Cloud plugin into JetBrains, developers receive real-time scan results and inline fix suggestions while developing code. You can download the plugin directly from the JetBrains Plugin Marketplace.
-
Scans
-
Scans for IaC misconfigurations, SCA vulnerabilities, and Secrets and License violations
-
Includes 1000+ built-in policies covering security and compliance best practices for AWS, Azure, Google Cloud, Bitbucket and Alibaba cloud providers
-
Comprehensive IaC scans for Terraform, Terraform Plan, CloudFormation, Kubernetes, Helm, Serverless and ARM templates
-
Supports Terraform and CloudFormation checks that accurately evaluate arguments expressed in variables and remote modules
-
Detects AWS credentials in EC2 User Data, Lambda environment variables, and Terraform providers
-
-
Fixes: Provides automated inline fix capabilities for IaC and SCA issues directly within the editor
-
Documented guidelines for commonly misconfigured attributes, secrets and licenses
-
Supports inline suppression via comments to skip specific checks
The following package managers and languages, along with their corresponding file formats, are supported:
- NPM: Package.json, package-lock.json, yarn.lock, bower.json
- Python: Requirements.txt, Pipfile, pipfile.lock
- Go: Go.mod, go.sum
- Maven: Pom.xml (including parent POMs)
- Gradle: Build.gradle, gradle.properties, gradle-wrapper.properties
- Kotlin: Build.gradle.kts
- .NET: Packages.config, *.csproj, Paket
- Ruby: Gemspec, gemfile, gemfile.lock
- PHP Composer: Coming soon
The following infrastructure-as-code frameworks are supported:
| Terraform | CloudFormation | Kubernetes |
|---|---|---|
| Serverless | Helm | TerraformPlan |
| ARM | Dockerfile | Bicep |
| Kustomize | OpenAPI |
The Prisma Cloud plugin automatically invokes the latest version of Prisma Cloud Code Security.
-
Using IDE built-in plugin system:
Settings/Preferences>Plugins>Marketplace>Search for "Prisma Cloud">Install Plugin -
Manually:
In your IDE: Select Settings/Preferences (for Windows/Mac) > Plugins > ⚙️ > Install plugin from disk...
-
Subscribe to the Application Security module in Prisma Cloud.
-
Generate and save a Prisma Cloud access key which consists of an Access Key ID and Secret.
-
Configure plugin settings: In JetBrains IDE navigate to
Settings>Tools>Prisma Cloudand fill in the provided fields:
- Access ID and Secret (required)
- Custom CA certificate (recommended): Provide a custom CA certificate by specifying the path to the certificate file.
NOTE: Ensure that the certificate file is in the PEM format.
- Scan a project: Click scan or the Play button to scan a project
- Scan a file: Open a file. A scan will run automatically when opening or saving a file
- Scan results include details of violating policies and provide a link to step-by-step fixes or guidelines based on the Prisma Cloud Code Security fix dictionaries:
-- In-line fixes: Prisma Cloud Code Security highlights errors in the editor as you code, including details of the violating policy. To fix an error, select the line with the issue to display a popup with the description and suggested fix
-- Problems tool panel at the bottom of the screen: Lists vulnerabilities in the left pane. Click on a vulnerability to display its details. If a fix is available, select the Fix button that is displayed in the top right of the panel. Otherwise refer to suggested solutions or the documentation to resolve the issue
-- Suppression: You can skip checks by clicking the Suppression button in the popup or in the Error view of the Problems tool panel
Troubleshoot errors directly in the JetBrains UI using the Event Log.
The plugin uses Prism Cloud’s ‘fixes’ API to analyze code and produce fixes, enhancing the results displayed in the JetBrains IDE. When a scan detects violations of Prisma Cloud policies in files, those files are passed to the ‘fixes’ API for the sole purpose of generating inline code fixes. For information about data collected and shared with Prisma Cloud when using Prisma Cloud Code Security, please refer to Prisma Cloud’s Privacy Policy.
Prisma Cloud builds and maintains Prisma Cloud Code Security to secure your engineering environment. Start with our Documentation. If you need direct support you can email us at [email protected].
The plugin is based on the Jetbrains Platform Plugin Template.