# Drive Towards Preventing Breaches and Pipeline Attacks with Prisma Cloud

By [Taylor Smith](https://www.paloaltonetworks.com/blog/author/taylor-smith/?ts=markdown "Posts by Taylor Smith"), Nov 14, 2023, 5 minutes

[AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown) [CI/CD](https://www.paloaltonetworks.com/blog/cloud-security/category/ci-cd/?ts=markdown) [Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown) [DevOps](https://www.paloaltonetworks.com/blog/tag/devops/?ts=markdown) [DevSecOps](https://www.paloaltonetworks.com/blog/tag/devsecops/?ts=markdown)

In today's dynamic software development landscape, engineers and their tools evolve at an unprecedented rate, calling for a paradigm shift in our security approach. Modern developers prioritize moving fast, using a diverse range of tools and technologies to enhance and hasten their projects. But the fallout of continuously adapting that tooling and automating more of the deployment process is that security lags behind, struggling to grasp the changes in the environment, let alone maintain a secure posture. Adding to their concerns is the barrage of breach headlines, particularly those involving supply chain incidents. The fear of becoming the next Codecov casualty weighs on security teams already confronting the unknown in their [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security).

## Enabling Innovation While Improving Visibility and Security

[Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud/latest) understands today's challenges. It is designed to integrate seamlessly into the development landscape, providing unmatched visibility, a reliable security posture for pipelines, and developer-friendly code security. Organizations, in other words, gain an overarching umbrella of development security integrated into an intelligent code-to-cloud solution.

### Visibility Amidst Chaos

Given the expanding arsenal of engineering tools, monitoring each one becomes an arduous task. The first step to securing this milieu is identifying approved technologies, distinguishing new or unfamiliar ones, and determining which technologies fail to meet security standards. Prisma Cloud grants organizations a comprehensive view of their tools, illuminating the use of sanctioned and unsanctioned technology.

Beginning with repositories, Prisma Cloud helps you understand what type of code is in use and which repositories have pipelines to production. With this, you can distinguish the security requirements of an application service from those of a script library.
![Repositories showing an inventory of repositories with their users and technologies](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306348-1.png)

Figure 1: Repositories showing an inventory of repositories with their users and technologies

Additionally, Prisma Cloud provides visibility into the tools integrated into your version control system and pipelines. This allows you to assess the risk of a vulnerable Jenkins plugin, identify your exposure to compromised executables such as in the Codecov incident, and comprehend the extent of specific packages like OpenSSL in your system.

![Visibility into pipeline technologies](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306348-2.png)

Figure 2: Visibility into pipeline technologies

### Securing the Supply Chain

The nightmares of supply chain incidents are real. But with Prisma Cloud's CI/CD security coverage, organizations can bolster their defenses. By focusing on both the code and the pipeline, Prisma Cloud identifies ways to harden your pipelines. Aligned with the OWASP Top 10 CI/CD security risks, Prisma Cloud identifies numerous risks to your pipelines. It also provides actionable guidance to harden your version control system and pipeline, securing credentials and code throughout the delivery pipeline.
![CI/CD Risks mapped to the OWASP Top 10](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306348-3.png)

Figure 3: CI/CD Risks mapped to the OWASP Top 10

### Understanding the OWASP Top 10 CI/CD Security Risks

1. [Insufficient Flow Control Mechanisms](https://www.paloaltonetworks.com/cyberpedia/insufficient-flow-control-mechanisms-cicd-sec1)
2. [Inadequate Identity and Access Management](https://www.paloaltonetworks.com/cyberpedia/inadequate-iam-cicd-sec2)
3. [Dependency Chain Abuse](https://www.paloaltonetworks.com/cyberpedia/dependency-chain-abuse-cicd-sec3)
4. [Poisoned Pipeline Execution (PPE)](https://www.paloaltonetworks.com/cyberpedia/poisoned-pipeline-execution-cicd-sec4)
5. [Insufficient Pipeline-Based Access Controls](https://www.paloaltonetworks.com/cyberpedia/pipeline-based-access-controls-cicd-sec5)
6. [Insufficient Credential Hygiene](https://www.paloaltonetworks.com/cyberpedia/insufficient-credential-hygiene-cicd-sec6)
7. [Insecure System Configuration](https://www.paloaltonetworks.com/cyberpedia/insecure-system-configuration-cicd-sec7)
8. [Ungoverned Usage of Third-Party Services](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8)
9. [Improper Artifact Integrity Validation](https://www.paloaltonetworks.com/cyberpedia/improper-artifact-integrity-validation-cicd-sec9)
10. [Insufficient Logging and Visibility](https://www.paloaltonetworks.com/cyberpedia/insufficient-logging-visibility-cicd-sec10)

### Deep Understanding of the Interconnected Dynamics

Technologies and actors don't work in isolation. This pivotal truth is why security needs to understand both the posture of each component and the risks of a connection between resources. The ability to run pipelines arbitrarily with new code poses a problem, which worsens if the process leads to the exfiltration of sensitive secrets. Prisma Cloud brings together all the technologies and actors on a repository into a graph, giving you valuable insights into tools and users as well as their interactions.
![Application Graph displaying the interactions between tools and users on a repository](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/CI-CD-1.jpg)

Figure 4: Application Graph displaying the interactions between tools and users on a repository

### Developer-Friendly Experience

Perhaps the most significant pain point for engineers is the disconnect between security tools and developer environments. Prisma Cloud bridges this gap. By embedding directly into development workflows, it gives developers feedback within their own tools. This immediate response ensures secure-by-design code, reducing post-development security fixes and the delays that come with them.

![IDE showing vulnerabilities and how to fix them in context](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/word-image-306348-6.png)

Figure 5: IDE showing vulnerabilities and how to fix them in context

## A Future-Ready Security Approach

The future of security isn't about playing catch-up. It's about proactively securing the development environment and process. Amid rising threats and an evolving development ecosystem, it's necessary to maintain insight into and control over all tools, while also enabling development teams to use the tools they need to deliver business value. [Prisma Cloud](https://www.paloaltonetworks.com/prisma/whyprisma) provides visibility into your engineering ecosystem, as well as insights into how to create a secure development pipeline.

## Learn More

Tune in to our on-demand virtual event, [CNAPP Supercharged: A Radically New Approach to Cloud Security](https://start.paloaltonetworks.com/prisma-cloud-new-innovations-for-the-future-of-cloud-security-webinar-on-demand.html), and learn about Prisma Cloud's latest innovations. In the webinar, we show you how to streamline app lifecycle protection, so be sure to watch on demand today. And don't miss this opportunity to test drive best-in-class code-to-cloud security.
Experience Prisma Cloud first-hand with a free [30-day trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial).