* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/category/cloud-security/)
* Shifting Security Left wi...

# Shifting Security Left with Prisma Cloud and HashiCorp Packer

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-hashicorp-packer-images%2F)  
[](https://twitter.com/share?text=Shifting+Security+Left+with+Prisma+Cloud+and+HashiCorp+Packer&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-hashicorp-packer-images%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fsecure-hashicorp-packer-images%2F&title=Shifting+Security+Left+with+Prisma+Cloud+and+HashiCorp+Packer&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/secure-hashicorp-packer-images/&ts=markdown)  
\[\](mailto:?subject=Shifting Security Left with Prisma Cloud and HashiCorp Packer)  
Link copied  
By [Derek Rogerson](https://www.paloaltonetworks.com/blog/author/derek-rogerson/?ts=markdown "Posts by Derek Rogerson")  
Nov 01, 2024  
4 minutes  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)  
[DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)  
[HashiCorp](https://www.paloaltonetworks.com/blog/tag/hashicorp/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/tag/partners/?ts=markdown)

*Use Prisma Cloud to secure Packer images by HashiCorp and protect your entire CI/CD pipeline with comprehensive compliance support.*

In the ever-changing landscape of cloud infrastructure automation and security, Palo Alto Networks stands out as a HashiCorp Technology Partner of the Year and Collaboration Partner of the Year.

HashiCorp customers can enhance the security of their cloud use cases with Prisma Cloud's [code security solution](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security) across their multicloud and on-premises environments.

## Secure Your Golden Image Pipeline with HashiCorp Packer and Prisma Cloud

A golden image pipeline is a process that generates images to use as a base for deploying applications. These images, also known as master images, clone images, or baseline images, are snapshots of a system that are used to create new instances.

[HashiCorp Packer](https://www.packer.io/) is a utility that allows for the creation of identical golden images across multiple platforms using a single-source configuration and thoroughly integrates with [HashiCorp Terraform](https://www.terraform.io/) infrastructure as code (IaC). Combining Prisma Cloud and HashiCorp solutions, lets you automate your builds securely and meet compliance across multiple clouds:

* **Secure your automated image builds with Packer**

Securely automate the creation of any type of machine or container image and customize images to match application and organizational requirements.

* **Secure your golden image pipeline**

Integrate with Prisma Cloud image security management and secure automated provisioning workflows everywhere in the build and pipeline.

* **Security to support multicloud image compliance**

Operate on one simple and single-source of truth for security and compliance in your image workflows, even when provisioning across multiple clouds.

* **Security for both Packer and Terraform technologies with Prisma Cloud**

Create multicloud golden image pipelines with HashiCorp Packer and Terraform, secured by Prisma Cloud image scans and CI/CD monitoring.

When a Packer build is complete, Prisma Cloud can natively execute a security scan for your image and assess for any potential risks. Prisma Cloud enforces policies against any predefined compliance or vulnerability thresholds and, if risks are present, the build instance is terminated and a risky golden image is not published. Vulnerability thresholds are set in the Prisma Cloud console to provide a single source of truth for security operations teams managing across multiple builds.

Together, the Prisma Cloud and HashiCorp cloud-native integration means build administrators can [automatically create and execute builds that already adhere to existing security policy,](https://www.paloaltonetworks.com/blog/prisma-cloud/securing-golden-images-hashicorp-packer/) to help ensure secure and compliant build output.

## Security Benefits With Prisma Cloud and Golden Image Pipelines

Golden image pipelines can be secured by Prisma Cloud with security best practices like:

* **Security hardening with centralized policy** Prisma Cloud helps teams follow security policies, for both standard and custom policies.
* **App and pipeline monitoring** The Prisma Cloud agent monitors and alerts on application and pipeline risk.
* **Vulnerability scanning**  
  Prisma Cloud scans images across the build phase and pipeline and into runtime to reduce vulnerability risk and report on compliance.

The benefits of using a golden image pipeline include: decreased deployment time, increased efficiency, lower risk, reduced chance for developer error, and easier pipeline maintenance. Using a golden image pipeline provides these significant security benefits by ensuring consistent, standardized system configurations across all deployed environments.

Teams should leverage tools like HCP Terraform and HCP Packer to create and automate a golden image pipeline, and then complement these tools with security from Prisma Cloud and Palo Alto Networks to ensure safe delivery and runtime protection.

## Webinar: Learn How Prisma Cloud Secures Packer Images and Your Pipeline as Code

With Palo Alto Networks and HashiCorp together, you can effectively [shift left](https://www.paloaltonetworks.com/cyberpedia/shift-left-security) and add codified security to your image development pipeline. By shifting security into the code and build process you are taking the necessary steps to secure your preferred base image, which can then be shared as a standard across the organization. With Prisma Cloud you can ensure this automated security remains vigilant against vulnerabilities and supports meeting compliance during runtime as well.

Want to learn more about securing images built with HashiCorp Packer? **Join Palo Alto Networks on Wednesday November 6, 2024, for a** [deep dive into securing HashiCorp Packer images with Prisma Cloud](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.hashicorp.com_events_webinars_shifting-2Dsecurity-2Dleft-2Dwith-2Dprisma-2Dcloud-2Dand-2Dhashicorp-2Dpacker-2Damericas-3Futm-5Fsource-3Dpartner-26utm-5Fmedium-3Demail-26utm-5Fcampaign-3D25Q4-5FAMER-5FSHIFTINGSECURITYLEFTWITHPRISMAANDPACKER-5FWEBINAR-26utm-5Fcontent-3D-26utm-5Foffer-3Dwebinar&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yOoJd7zKyz9bZBIVi6A-SO7eJeiqOnhN3o1AdOiV2w4&m=T2q3_1EAzOfrX0r4VVytUe5chTKSWlxVIHPrBiXgx-h2ormjK9r91wigXcQh_R_5&s=kahd_Hfv89-RpBeXw9O2dOQ_iUvZRdQob1fOff5q07g&e=)**.** In this webinar you'll learn directly from HashiCorp and Palo Alto Networks experts on how to automate and manage security for your images, even as requirements change throughout the pipeline, and how to lock-down your golden images built with HashiCorp Packer.

*** ** * ** ***

## Related Blogs

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### 5 Best Practices To Help Secure Docker with Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/security-best-practices-docker/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)

[#### Shift Left: Should You Push It or Pull It?](https://www2.paloaltonetworks.com/blog/cloud-security/shift-left-code-cloud-integration/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### Reduce Your Risk with the Kubernetes CIS Benchmark and Prisma Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/secure-kubernetes-cis-benchmark/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### 4 Best Practices for Using Prisma Cloud with Alibaba Cloud](https://www2.paloaltonetworks.com/blog/cloud-security/4-best-practices-for-using-prisma-cloud-with-alibaba-cloud/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### 5 Best Practices for Using Prisma Cloud with Oracle Cloud Infrastructure](https://www2.paloaltonetworks.com/blog/cloud-security/security-best-practices-oracle-cloud-oci/)

### [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Compliance](https://www.paloaltonetworks.com/blog/cloud-security/category/compliance/?ts=markdown)

[#### Stay Ahead of Cyberthreats: Prisma Cloud and the Essential Eight Framework](https://www2.paloaltonetworks.com/blog/cloud-security/essential-eight-cybersecurity-framework/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language