Enhancement - STO Prisma scan - Request to Ingest Compliance Results
long-term
Electric lime Tyrannosaurus
STO Prisma step currently only ingests vulnerability results and NOT compliance results (despite Prisma producing both).
In Prisma console, we have CI threshold configured to fail on HIGH and CRITICAL findings for Vulnerabilities and Compliance. In Harness, we found that in order to ensure build fails, we need to set threshold on the step within Harness. I set this threshold to HIGH. However we are finding that Harness is only ingesting vulnerability findings and not compliance findings.
The Prisma scan will fail for compliance (which can be seen printed in the output), but because Harness does not read compliance findings it is neither failing the build nor populating the compliance items into the Security tab.
Desired outcome: Both vulnerability and compliance findings are ingested by Harness, populated to Security tab, and build failure can be tied to vulnerability AND compliance results based on defined threshold.
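As an added example (not part of the original request, and not Harness or Prisma code), the check below shows how a pipeline step could enforce the same HIGH threshold on compliance findings itself, by reading the scan's JSON report before the build proceeds. The report layout assumed here (a top-level `results` list whose entries carry `vulnerabilities` and `compliances` arrays, each finding with a `severity`) is the general shape of twistcli JSON output and should be confirmed against a real report from your Prisma version; the sample report is constructed.

```python
"""Fail a pipeline on Prisma compliance findings at or above a severity threshold.

Added example, not Harness or Prisma code. The JSON layout below is an
assumption about the scanner report and must be verified against real output.
"""
import json
import sys

# Severity ordering used to compare findings against the threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report (not real scanner output) in the assumed layout:
# one HIGH and one LOW vulnerability, one CRITICAL and one MEDIUM compliance finding.
SAMPLE_REPORT = json.dumps({
    "results": [{
        "vulnerabilities": [
            {"id": "EXAMPLE-VULN-1", "severity": "high"},
            {"id": "EXAMPLE-VULN-2", "severity": "low"},
        ],
        "compliances": [
            {"id": "EXAMPLE-COMP-1", "severity": "critical"},
            {"id": "EXAMPLE-COMP-2", "severity": "medium"},
        ],
    }]
})


def findings_at_or_above(report, threshold, kind):
    """Return findings of the given kind ("vulnerabilities" or "compliances")
    whose severity ranks at or above the threshold. Unknown severities rank 0
    and therefore never trip the threshold; missing arrays are treated as empty."""
    min_rank = SEVERITY_RANK[threshold.lower()]
    matched = []
    for result in report.get("results", []):
        for finding in result.get(kind, []) or []:
            rank = SEVERITY_RANK.get(str(finding.get("severity", "")).lower(), 0)
            if rank >= min_rank:
                matched.append(finding)
    return matched


def evaluate(report_json, threshold="high"):
    """Parse a report and decide whether the build should fail.

    Counts both vulnerability and compliance findings so the failure decision
    covers the compliance side that the STO step does not currently ingest."""
    report = json.loads(report_json)
    vulns = findings_at_or_above(report, threshold, "vulnerabilities")
    comps = findings_at_or_above(report, threshold, "compliances")
    return {
        "vulnerabilities": len(vulns),
        "compliances": len(comps),
        "fail": bool(vulns or comps),
    }


def main(argv):
    # Usage: python prisma_gate.py <report.json> [threshold]; with no file, uses the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report_json = fh.read()
    else:
        report_json = SAMPLE_REPORT
    threshold = argv[2] if len(argv) > 2 else "high"
    outcome = evaluate(report_json, threshold)
    print(f"threshold={threshold} vulnerabilities={outcome['vulnerabilities']} "
          f"compliances={outcome['compliances']} fail={outcome['fail']}")
    return 1 if outcome["fail"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as a script step after the scan, pointing it at the scan's JSON output; a non-zero exit code fails the stage regardless of what the STO step ingests, while the printed counts record which category tripped the gate.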
Pritesh Chandaliya
Electric lime Tyrannosaurus are you still blocked on this and need any help?
Electric lime Tyrannosaurus
Hi Pritesh Chandaliya, I wanted to propose in the short term to have the option for Harness build to align with Prisma scan outcome (so if Prisma scan fails, Harness pipeline fails). This would help us a lot to be able to use this step. Then longer term you can decide internally if Harness should ingest/process compliance findings. Thank you!
Pritesh Chandaliya
long-term
Today we only ingest vulnerability data from all the scanners we support.
This is a feature request and also needs internal alignment if we want to move in the direction where we support compliance data as well.
During our Q3 planning, I will look into it (already noted) and prioritize this effort accordingly. Thanks!
Electric lime Tyrannosaurus
(Case: #63421)