How to use Prancer configuration wizard for easy repository
onboarding for IaC Security
Introduction
The Prancer cloud security platform uses various configuration files to do static code analysis on
IaC templates. Compiling these individual files from scratch is time-consuming and an advanced
subject many users don’t need to know in their day-to-day activities. For the easy onboarding of
accounts and repositories into the Prancer cloud security platform, we suggest using the
“Configuration Wizard” feature. With just a few clicks, your accounts are onboarded, and you
are ready to go! In this post, we want to show you how to do that.
Using Configuration Wizard
Let us see how to use the configuration wizard to connect to different repositories and then
run IaC scans on those repositories.
You need to log in to the Prancer Cloud Security platform. In the admin section, there is a
“Configuration Wizard” link available.
On the “Configuration Wizard” page, the first step is to give a name to the collection. A
collection name could be related to your cloud, repo, project, business unit, or any other
categorization you would like to have in your environment. For example, we put Test ABC in the
text box. You need to select IaC to do static code analysis and configure the options. Now you
can proceed to the next screen.
The next step is to select what kind of IaC scan you want to run. Various IaC formats
are supported in the Prancer Cloud Security Platform for Static Code Analysis. Prancer
supports both native and third-party formats, including Azure ARM templates, AWS
CloudFormation, Google deployment files, Kubernetes objects, Helm, and Terraform for Azure, AWS,
and GCP. Any of these items can be selected as your IaC type. In this example, let us choose the
Azure ARM template and then connect it to GitHub for authentication. In the next step, the
configuration wizard shows you the GitHub authentication page. Once you authorize it to access
your repositories, the list of available repositories is shown for you to choose from. You
can select your IaC code repository and then click on the finish button.
The wizard then creates all the configuration items that are needed. When the
process finishes, you can go to the report page and see the results. The wizard shows you that it has
successfully added all the compliance tests for the account and run the tests, and that is all
there is to using the wizard.
It is easy to connect to any IaC code repository and run an IaC scan on its code. The
reports are then available on the report page.