When working with your Infrastructure as Code (IaC) files (whether those are Terraform files, Kubernetes manifests, Helm charts, or others), it is important to be able to scan them for possible security threats. Whether you are implementing a sophisticated GitOps mechanism or just saving your IaC files and the current state of your infrastructure in a centralized repository, you should continuously and seamlessly monitor your infrastructure changes for security threats that may be introduced while provisioning and changing your infrastructure.
To accomplish automated security analysis for your IaC templates, you may now use the new Panoptica IaC Orb inside the CircleCI platform. If you are an existing user of CircleCI, you are most probably familiar with the concept of Orbs. An Orb is, simply put, a reusable snippet of code that you can invoke with just one line inside your pipelines. Orbs can help you automate processes inside your pipelines and use third-party integration tools to further enrich your CI/CD process.
Designed for security and built for DevOps, the new Panoptica IaC Orb enables you to run security scans from within your existing CircleCI pipelines. If your repository contains IaC files, it is recommended that you integrate with the Panoptica cloud security platform to scan for potential security threats. In this blog post we will explore how to do so.
Using the new Orb is very simple. All it takes to start scanning your IaC files is to follow these three simple steps:
1. At the beginning of your pipeline config file, add the following call to the new orb:
    version: 2.1
    orbs:
      lightspin-orb: email@example.com
2. Use the declared orb in a job, in the “Jobs” section of the pipeline config file:
    jobs:
      - lightspin-orb/lightspin_scan:
          friendly-name: $CIRCLE_BUILD_NUM'_circle_CI'
          path-to-scan: .
          tenant-id: LS_TENANT
          token: LS_TOKEN
Let’s take a minute to break down the variables defined in this job:
Note: path-to-scan, tenant-id, and token variables are not required since these have default values.
3. Configure the environment variables for the CircleCI project. In the project settings, configure the values for “LS_TENANT” and “LS_TOKEN” environment variables with their respective values:
You can review the findings detected on each scan from the IaC tab in the Panoptica platform, sorted by their severity.
In addition to information about the security risk, we highlight the specific resource or line of code that is the source of the problem.
IaC is the new de facto way of managing cloud infrastructure at scale. With increasing workloads constantly being built and deployed on top of IaC templates, it is important to keep security at the forefront while working with IaC. By shifting security left to the earliest stages, developers can ensure that they keep their code secure from build to runtime, and likewise stay alert to any implications their code may have on existing services or code.
Panoptica’s multi-layer CNAPP solution enables any engineer to secure their code at any stage of their cloud journey, from build to runtime. Panoptica not only offers organizations the ability to shift security to the earliest stages of development but also provides them the much-needed context around why particular security findings are more critical than others, and what impact they may have on their business if they are not remediated.