Shifting Security Left with Prisma Cloud and HashiCorp Packer

Nov 01, 2024

Use Prisma Cloud to secure Packer images by HashiCorp and protect your entire CI/CD pipeline with comprehensive compliance support.

In the ever-changing landscape of cloud infrastructure automation and security, Palo Alto Networks stands out as a HashiCorp Technology Partner of the Year and Collaboration Partner of the Year.

HashiCorp customers can enhance the security of their cloud use cases with Prisma Cloud's code security solution across their multicloud and on-premises environments.

Secure Your Golden Image Pipeline with HashiCorp Packer and Prisma Cloud

A golden image pipeline is a process that generates images to use as a base for deploying applications. These images, also known as master images, clone images, or baseline images, are snapshots of a system that are used to create new instances.

HashiCorp Packer is a utility that allows for the creation of identical golden images across multiple platforms using a single-source configuration and thoroughly integrates with HashiCorp Terraform infrastructure as code (IaC). Combining Prisma Cloud and HashiCorp solutions lets you automate your builds securely and meet compliance across multiple clouds:

  • Secure your automated image builds with Packer
    Securely automate the creation of any type of machine or container image and customize images to match application and organizational requirements.
  • Secure your golden image pipeline
    Integrate with Prisma Cloud image security management and secure automated provisioning workflows everywhere in the build and pipeline.
  • Security to support multicloud image compliance
    Operate on one simple, single source of truth for security and compliance in your image workflows, even when provisioning across multiple clouds.
  • Security for both Packer and Terraform technologies with Prisma Cloud
    Create multicloud golden image pipelines with HashiCorp Packer and Terraform, secured by Prisma Cloud image scans and CI/CD monitoring.

When a Packer build is complete, Prisma Cloud can natively execute a security scan for your image and assess for any potential risks. Prisma Cloud enforces policies against any predefined compliance or vulnerability thresholds and, if risks are present, the build instance is terminated and a risky golden image is not published. Vulnerability thresholds are set in the Prisma Cloud console to provide a single source of truth for security operations teams managing across multiple builds.
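
The threshold gate described above, sketched as an added example that is not Prisma Cloud or HashiCorp code: it compares scan findings against a vulnerability threshold and a compliance threshold and blocks publishing when any finding meets them. The report shape, field names and sample findings are constructed assumptions, not Prisma Cloud's output schema.

```python
import json
import sys

# Constructed sample report. The field names are assumptions made for this
# example; they are not Prisma Cloud's scan output schema.
SAMPLE_REPORT = json.loads("""
{
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "severity": "critical"},
    {"id": "EXAMPLE-0002", "severity": "high"},
    {"id": "EXAMPLE-0003", "severity": "medium"}
  ],
  "compliance": [
    {"check": "example-ssh-root-login-disabled", "severity": "high", "passed": false},
    {"check": "example-audit-logging-enabled", "severity": "medium", "passed": true}
  ]
}
""")

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def rank(severity):
    # Unknown or missing severities fail closed: treat them as the highest rank.
    return SEVERITY_RANK.get(str(severity).lower(), max(SEVERITY_RANK.values()))

def evaluate(report, vuln_threshold, compliance_threshold):
    """Return (publish, reasons); any finding at or above its threshold blocks."""
    for threshold in (vuln_threshold, compliance_threshold):
        if threshold not in SEVERITY_RANK:
            raise ValueError(f"unknown threshold: {threshold!r}")
    reasons = []
    for vuln in report.get("vulnerabilities", []):
        if rank(vuln.get("severity")) >= SEVERITY_RANK[vuln_threshold]:
            reasons.append(f"vulnerability {vuln.get('id')} ({vuln.get('severity')})")
    for check in report.get("compliance", []):
        failed = not check.get("passed", False)  # a missing result counts as failed
        if failed and rank(check.get("severity")) >= SEVERITY_RANK[compliance_threshold]:
            reasons.append(f"compliance {check.get('check')} ({check.get('severity')})")
    return (not reasons, reasons)

if __name__ == "__main__":
    publish, reasons = evaluate(SAMPLE_REPORT, "high", "high")
    for reason in reasons:
        print("BLOCK:", reason)
    # A non-zero exit is what makes a calling build step fail.
    sys.exit(0 if publish else 1)
```

Findings with an unrecognized severity and compliance checks with no recorded result are treated as blocking, so a malformed report cannot let an image through.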

Together, the Prisma Cloud and HashiCorp cloud-native integration means build administrators can automatically create and execute builds that already adhere to existing security policy, to help ensure secure and compliant build output.

Security Benefits With Prisma Cloud and Golden Image Pipelines

Golden image pipelines can be secured by Prisma Cloud with security best practices like:

  • Security hardening with centralized policy
    Prisma Cloud helps teams follow security policies, for both standard and custom policies.
  • App and pipeline monitoring
    The Prisma Cloud agent monitors and alerts on application and pipeline risk.
  • Vulnerability scanning
    Prisma Cloud scans images across the build phase and pipeline and into runtime to reduce vulnerability risk and report on compliance.

The benefits of using a golden image pipeline include decreased deployment time, increased efficiency, lower risk, reduced chance for developer error, and easier pipeline maintenance. A golden image pipeline also provides significant security benefits by ensuring consistent, standardized system configurations across all deployed environments.

Teams should leverage tools like HCP Terraform and HCP Packer to create and automate a golden image pipeline, and then complement these tools with security from Prisma Cloud and Palo Alto Networks to ensure safe delivery and runtime protection.

Webinar: Learn How Prisma Cloud Secures Packer Images and Your Pipeline as Code

With Palo Alto Networks and HashiCorp together, you can effectively shift left and add codified security to your image development pipeline. By shifting security into the code and build process, you are taking the necessary steps to secure your preferred base image, which can then be shared as a standard across the organization. With Prisma Cloud, you can ensure this automated security remains vigilant against vulnerabilities and supports meeting compliance during runtime as well.

Want to learn more about securing images built with HashiCorp Packer? Join Palo Alto Networks on Wednesday, November 6, 2024, for a deep dive into securing HashiCorp Packer images with Prisma Cloud. In this webinar you’ll learn directly from HashiCorp and Palo Alto Networks experts how to automate and manage security for your images, even as requirements change throughout the pipeline, and how to lock down your golden images built with HashiCorp Packer.

 

