# Shift Security Left with Git Repo Vulnerability Management

By [Keith Mokris](https://www.paloaltonetworks.com/blog/author/keith-mokris/?ts=markdown "Posts by Keith Mokris"), Oct 13, 2020

There's good evidence for a correlation between organizations that are highly prepared to deal with security events and those that embed security into their [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops) processes.
In the [2020 State of Cloud Native Security Report](https://www.paloaltonetworks.com/state-of-cloud-native-security), which surveyed more than 3,000 DevOps, infrastructure, and security practitioners, 45% of companies that ranked as 'highly prepared' had adopted DevSecOps practices.

To provide teams like these the most in-depth security tools on the market, Prisma Cloud now provides git repository (repo) vulnerability management by scanning code before it's committed to workflows. This is in addition to a broad set of leading capabilities that are already allowing security teams to [shift security left](https://www.paloaltonetworks.com/cyberpedia/shift-left-security), that is, move security considerations as close to development as possible.

## Shift Left Security Across Build, Deploy, and Run

Throughout the last year, we've innovated Prisma Cloud to [deliver unified DevOps plugins](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-devops-security/prisma-cloud-plugins.html), combining infrastructure-as-code ([IaC](https://www.paloaltonetworks.com/blog/prisma-cloud/cloud-iac-build-policies/)) scanning with [container image](https://www.paloaltonetworks.com/blog/prisma-cloud/cloud-container-image-trust-groups/) and [serverless function scanning](https://www.paloaltonetworks.com/blog/prisma-cloud/protect-serverless-functions/) to secure the application lifecycle.

![Prisma Cloud capabilities across build, deploy and run.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/Prisma-Cloud-across-SDLC.png)

Prisma Cloud capabilities across build, deploy and run.

### Build

At the build phase of the [SDLC](https://www.paloaltonetworks.com/cyberpedia/sdlc-software-development-lifecycle), Prisma Cloud scans IaC templates for misconfigurations, integrating with software configuration managers (SCM), integrated development environments (IDE), and continuous integration (CI) tools.
Additionally, users can scan container images and functions, with the ability to enforce application policies on vulnerability severity or compliance.

### Deploy

At the deploy phase, Prisma Cloud continuously monitors container registries and serverless repos to provide uninterrupted visibility and control into risk and compliance status. It also integrates with cloud native technologies, [like Open Policy Agent](https://www.paloaltonetworks.com/blog/prisma-cloud/open-policy-agent-support/), to offer additional visibility and enforcement over deployments.

### Run

At runtime, Prisma Cloud provides visibility, protection and risk prioritization so organizations can audit and improve their security posture across cloud infrastructure and cloud native applications.

Users can [define IaC Build policies](https://www.paloaltonetworks.com/blog/prisma-cloud/cloud-iac-build-policies/) and [CI policies](https://www.paloaltonetworks.com/blog/2020/04/cloud-compute-security/) centrally from our dashboard to enhance control across the application lifecycle.

## Shifting Further Left with Git Repo Vulnerability Management

As developers and DevOps teams deploy cloud native applications with increasing release velocity, they need ways to seamlessly integrate security across the [full application lifecycle](https://www.paloaltonetworks.com/blog/2020/05/cloud-secure-cloud-native-applications/) from build to deploy to run.

With our latest release, these teams can now scan git repos for known CVEs before container images or functions are built as part of [CI/CD workflows](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security). Initial support includes Java, Python and Node. Scanning can be initiated from the vulnerability policy and code repositories window using GitHub credentials and/or the repo location.

![Modifying vulnerability management policies in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/git-vulnerability-policies.png)

Modifying vulnerability management policies in Prisma Cloud.

After credentials are updated, Prisma Cloud surfaces vulnerability details within [vulnerability explorer](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vuln_explorer) under the new code repository tab. Vulnerability data is updated with each commit, or at user-defined time intervals. The vulnerability details include both severity and risk factors, just like the vulnerability data users see for hosts, images or functions.

![Code repository vulnerability alerts within Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/Repo-vulnerability-alerts.png)

Code repository vulnerability alerts within Prisma Cloud.

Git repo vulnerability scanning bolsters the existing host, container and serverless [vulnerability management](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management) and compliance features within Prisma Cloud.

## Even More Integrated Capabilities

When combined with the other innovative functionality in [this most recent release](http://blog.paloaltonetworks.com/2020/10/cloud-evolution-comprehensive-cnsp), git repo scanning demonstrates the powerful ability users gain in their efforts to shift security left.

For more on integrated capabilities within Prisma Cloud, download the overview [Shift Left and Enable DevSecOps](https://www.paloaltonetworks.com/resources/techbriefs/shift-left-and-enable-devsecops).