* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security)
* Code Security

# Cloud Security

## Code Security

[![An Inside Look into ASPM: Five Findings from New Industry Research](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2025/05/GettyImages-562451669-edit-scaled.jpg)](https://www2.paloaltonetworks.com/blog/cloud-security/aspm-research-omdia/)  
[An Inside Look into ASPM: Five Findings from New Industry Research
\------------------------------------------------------------------](https://www2.paloaltonetworks.com/blog/cloud-security/aspm-research-omdia/)

ASPM is emerging as the orchestration layer for AppSec. Explore key findings in new research from Omdia on risk reduction, automation, and tool convergence.  
[AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown)  
[ASPM](https://www.paloaltonetworks.com/blog/cloud-security/category/aspm/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown)  
[DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)  
[Research](https://www.paloaltonetworks.com/blog/cloud-security/category/research/?ts=markdown)  
Feb 09, 2026  
By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown "Posts by Cameron Hyde")

## Cloud Security

*** ** * ** ***

[Application Security](https://www.paloaltonetworks.com/blog/cloud-security/category/application-security/?ts=markdown)

*** ** * ** ***

[Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown)

*** ** * ** ***

[Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown)

*** ** * ** ***

[AI Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/ai-security-posture-management/?ts=markdown)

*** ** * ** ***

[Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown)

*** ** * ** ***

![Checkov 3.0: Upgraded Open-Source Infrastructure-as-Code Security](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2023/10/image2.png)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [Checkov 3.0: Upgraded Open-Source Infrastructure-as-Code Security](https://www2.paloaltonetworks.com/blog/cloud-security/checkov-upgrade-iac-security/)

Updates to Checkov's open-source infrastructure-as-code security provides deeper Terraform scanning, improved secrets security, and simplified policy definitions.  
Oct 25, 2023  
By [Matt Johnson](https://www.paloaltonetworks.com/blog/author/matt-johnson/?ts=markdown "Posts by Matt Johnson")  
![High-Severity Vulnerabilities Discovered in WebM Project’s Libraries](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2023/09/Coding.jpg)  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown)

## [High-Severity Vulnerabilities Discovered in WebM Project's Libraries](https://www2.paloaltonetworks.com/blog/cloud-security/high-severity-vulnerabilities-webm-project-libraries/)

Learn about the high-severity vulnerabilities discovered in WebM Project's libwebp and libvpx libraries and get practical tips to protect your organization from attack.  
Oct 05, 2023  
By [Sharon Ben Zeev](https://www.paloaltonetworks.com/blog/author/sharon-ben-zeev/?ts=markdown "Posts by Sharon Ben Zeev"), [Tohar Zand](https://www.paloaltonetworks.com/blog/author/tohar-zand/?ts=markdown "Posts by Tohar Zand") and [Artur Oleyarsh](https://www.paloaltonetworks.com/blog/author/artur-oleyarsh/?ts=markdown "Posts by Artur Oleyarsh")  
![LLM in the Cloud — Advantages and Risks](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2023/07/NetSec-Adhoc-Updated-Blog-Image-Resize-508484039-1.png)  
[Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

## [LLM in the Cloud --- Advantages and Risks](https://www2.paloaltonetworks.com/blog/2023/07/llm-in-the-cloud/)

The development of large language models (LLMs) has shown great promise in enhancing cloud security.  
Jul 20, 2023  
By [Daniel Prizmant](https://www.paloaltonetworks.com/blog/author/daniel-prizmant/?ts=markdown "Posts by Daniel Prizmant") and [Jay Chen](https://www.paloaltonetworks.com/blog/author/jay-chen/?ts=markdown "Posts by Jay Chen")  
![How to Embrace Kubernetes Security With Checkov’s Graph Connections](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2021/10/Should-be-Mac.jpg)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [How to Embrace Kubernetes Security With Checkov's Graph Connections](https://www2.paloaltonetworks.com/blog/cloud-security/kubernetes-security-with-checkov-graph-connections/)

Learn how Checkov's graph-based security checks for Kubernetes can help protect your Kubernetes workloads from attack - without noisy alerts.  
May 17, 2023  
By [Matt Johnson](https://www.paloaltonetworks.com/blog/author/matt-johnson/?ts=markdown "Posts by Matt Johnson")  
![It’s Not All Bad! Using Cloud Drift for Teachable Moments](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2022/04/Smiling-Man-2.jpg)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [It's Not All Bad! Using Cloud Drift for Teachable Moments](https://www2.paloaltonetworks.com/blog/cloud-security/using-cloud-drift-for-teachable-moments/)

Stack Overflow's 2021 Developer Survey found that 54% of developers use AWS, yet only 7% use Terraform. That means that far more developers have adopted provisioning, managing and decommissioning cloud infrastr...  
Feb 14, 2023  
By [Taylor Smith](https://www.paloaltonetworks.com/blog/author/taylor-smith/?ts=markdown "Posts by Taylor Smith")  
![The Key to DevSecOps Success: Cross-Team Knowledge Sharing](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2022/06/In-All-Seriousness.jpg)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [The Key to DevSecOps Success: Cross-Team Knowledge Sharing](https://www2.paloaltonetworks.com/blog/cloud-security/the-key-to-devsecops-success-cross-team-knowledge-sharing/)

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and e...  
Feb 02, 2023  
By [Taylor Smith](https://www.paloaltonetworks.com/blog/author/taylor-smith/?ts=markdown "Posts by Taylor Smith")  
![From Manifest to Workload: Embedding Kubernetes Security at Each Phase of the DevOps Lifecycle](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2023/01/ASM-cyber-resilience.jpg)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [From Manifest to Workload: Embedding Kubernetes Security at Each Phase of t...](https://www2.paloaltonetworks.com/blog/cloud-security/devops-lifecycle-embedding-kubernetes-security/)

Part of the answer is to identify and address security risks within the various components of Kubernetes itself as well as their configurations. You can do this by, for example, va...  
Jan 24, 2023  
By [Chris Tozzi](https://www.paloaltonetworks.com/blog/author/chris-tozzi/?ts=markdown "Posts by Chris Tozzi")  
![Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in Plain Sight](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2022/10/iStock-1194430859-edit-1280x1280-1.jpeg)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in...](https://www2.paloaltonetworks.com/blog/cloud-security/exposed-credentials-across-the-devsecops-pipeline/)

Developers leverage hardcoded credentials to seamlessly access or authenticate the services needed to build and deploy applications. While this practice streamlines development, it...  
Jan 17, 2023  
By [Julia Benson](https://www.paloaltonetworks.com/blog/author/julia-benson/?ts=markdown "Posts by Julia Benson")  
![API Security and Threat Intelligence Reduce Attack Surface in Prisma Cloud Workload Protection Release](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2022/12/NetSec-Adhoc-Updated-Blog-Image-Resize-450823971-2.png)  
[API Security](https://www.paloaltonetworks.com/blog/cloud-security/category/api-security/?ts=markdown), [Application Security](https://www.paloaltonetworks.com/blog/cloud-security/category/application-security/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [Code to Cloud](https://www.paloaltonetworks.com/blog/cloud-security/category/code-to-cloud/?ts=markdown)

## [API Security and Threat Intelligence Reduce Attack Surface in Prisma Cloud ...](https://www2.paloaltonetworks.com/blog/cloud-security/api-security-threat-intel-reduce-attack-surface/)

Learn about the latest capabilities for application security at runtime including API Secu...  
Dec 19, 2022  
By [Ivan Melia](https://www.paloaltonetworks.com/blog/author/ivan-melia/?ts=markdown "Posts by Ivan Melia")  
![Prevent Secret Leaks: Find and Secure Secrets Across Your Repositories and Pipelines](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2022/12/Confirming.jpg)  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

## [Prevent Secret Leaks: Find and Secure Secrets Across Your Repositories and ...](https://www2.paloaltonetworks.com/blog/cloud-security/secrets-security-across-files-repositories-pipelines/)

Secrets security requires detection across hundreds of access tokens, API keys, certificates, passwords, etc., embedded into existing developer workfl...  
Dec 13, 2022  
By [Taylor Smith](https://www.paloaltonetworks.com/blog/author/taylor-smith/?ts=markdown "Posts by Taylor Smith")  
![Full-Stack Code Visibility With Prisma Cloud Software Bill of Materials (SBOM) Generation](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2021/10/Should-be-Mac.jpg)  
[Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/category/devsecops/?ts=markdown)

## [Full-Stack Code Visibility With Prisma Cloud Software Bill of Materials (SB...](https://www2.paloaltonetworks.com/blog/cloud-security/full-stack-visibility-with-software-bill-of-materials-generation/)

Learn how to get visibility into risk exposure and prevent supply chain attacks with software bill of materials (SBOM) generation capabilities.  
Oct 05, 2022  
By [Taylor Smith](https://www.paloaltonetworks.com/blog/author/taylor-smith/?ts=markdown "Posts by Taylor Smith")  
![Join Prisma Cloud at KubeCon NA October 24-28 in Detroit](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2021/06/Fresh-Air-Woman.jpg)  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown)

## [Join Prisma Cloud at KubeCon NA October 24-28 in Detroit](https://www2.paloaltonetworks.com/blog/cloud-security/kubecon-na-2022/)

KubeCon - where leaders in the OS and cloud native communities are gathering for education and advancement of cloud native computing.  
Oct 04, 2022  
By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown "Posts by Cameron Hyde")  
Load more blogs

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language