SlideShare a Scribd company logo

Prancer iac security scanner prevents sensitive files to be checked in to remote repositories

Prancer Io
Prancer Io

Prancer Static Code Analysis scanning engine for IaC scans can prevent sensitive data in your code to be checked into the git repositories that will reduce the risk of leakage while increasing the security of your IaC pipeline.

Technology
1 of 3
Download to read offline
Prancer IaC Security scanner prevents sensitive files to be checked in to remote repositories In this blog post, we want to describe a new feature of Prancer Cloud Security Platform Static Code Analysis (SCA) engine for Infrastructure as Code (IaC). This blog post introduces a new feature that prevents sensitive files to be checked into git repositories. Background information Prancer Cloud Security Platform Static Code Analysis engine scans local and remote git repositories for all types of security misconfiguration. with this new feature, Prancer scanning engine analyzes the git repositories and if it finds any file with possible sensitive data in it, reports back to the DevOps engineers. Sensitive information are usually in the following formats: *.PFX or *.P12 – Personal Information Exchange Format *.PEM – PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate *.CER or *.CRT – Base64-encoded or DER-encoded binary X.509 Certificate *.CRL – Certificate Revocation List
*.CSR – Certificate Signing Request *.DER – DER-encoded binary X.509 Certificate *.P7B or *.P7R or *.SPC – Cryptographic Message Syntax Standard .Key – key files How does it work? Prancer Static Code Analysis engine scans the repository for sensitive files. Based on this list of possibly sensitive data, Prancer Static Code Analysis engine provides a report with all files that could contain sensitive information. This is very important when committing these files to repositories due to the risk of leakage of confidential data. On the report page for IaC scans, you can see the result of finding these sensitive data: Noncompliance title: Sensitive files should not be checked into the git repo
Noncompliance description: Certain file types contain sensitive information and should not be checked into the git repositories. You need to move these files to a vault and reference them from your code. Prancer checks for the following file types to make sure they are not in the repo: *.PFX or *.P12 – Personal Information Exchange Format *.CER or *.CRT – Base64-encoded or DER-encoded binary X.509 Certificate *.PEM – PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate *.CRL – Certificate Revocation List *.CSR – Certificate Signing Request *.DER – DER-encoded binary X.509 Certificate *.P7B or *.P7R or *.SPC – Cryptographic Message Syntax Standard . Key – key files How to remediate you need to add these extensions to your .gitignore file to prevent them from checking in to your repository. these files need to be moved securely to a vault to be managed securely and then referenced in your code. Conclusion In this blog post, we introduced a new Static Code Analysis engine feature that prevents sensitive files to be checked into git repositories. The latest version of the Prancer Static Code Analysis scanning engine for IaC scans can prevent sensitive data in your code to be checked into the git repositories that will reduce the risk of leakage while increasing the security of your IaC pipeline.

Recommended

Internet Security Basics
Internet Security BasicsInternet Security Basics
Internet Security BasicsBipin Jethwani
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open SourceMichael Ducy
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukIntel
 
DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesJim St. Leger
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnNUS-ISS
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionData Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionDatabricks
 

Recommended

Internet Security Basics
Internet Security BasicsInternet Security Basics
Internet Security BasicsBipin Jethwani
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open SourceMichael Ducy
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
DPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukDPDK IPSec performance benchmark ~ Georgii Tkachuk
DPDK IPSec performance benchmark ~ Georgii TkachukIntel
 
DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesJim St. Leger
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnNUS-ISS
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 
Data Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionData Security at Scale through Spark and Parquet Encryption
Data Security at Scale through Spark and Parquet EncryptionDatabricks
 
Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFRaphaël PINSON
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...apidays
 
How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]Devon Bernard
 
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ... Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...Furkan Turkal
 
TTL Alfresco Product Security and Best Practices 2017
TTL Alfresco Product Security and Best Practices 2017TTL Alfresco Product Security and Best Practices 2017
TTL Alfresco Product Security and Best Practices 2017Toni de la Fuente
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTyler Shields
 
Firebird Security (in English): The Past and The Future
Firebird Security (in English): The Past and The FutureFirebird Security (in English): The Past and The Future
Firebird Security (in English): The Past and The FutureAlexey Kovyazin
 
Source Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsSource Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsAkond Rahman
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarAshok Panwar
 
Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Alexey Dremin
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleParis Container Day
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersNéstor Salceda
 
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaImplementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaNéstor Salceda
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
How to Secure Containers
How to Secure ContainersHow to Secure Containers
How to Secure ContainersSysdig
 
MeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
MeetUp: Kerberos - Protocol for Authentication & Authorization @CriteoMeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
MeetUp: Kerberos - Protocol for Authentication & Authorization @CriteoGilles Legoux
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005James Morris
 
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...Prancer Io
 
Prancer Enterprise announces today the release of the Zero Trust Security Val...
Prancer Enterprise announces today the release of the Zero Trust Security Val...Prancer Enterprise announces today the release of the Zero Trust Security Val...
Prancer Enterprise announces today the release of the Zero Trust Security Val...Prancer Io
 

More Related Content

Similar to Prancer iac security scanner prevents sensitive files to be checked in to remote repositories

Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFRaphaël PINSON
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...apidays
 
How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]Devon Bernard
 
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ... Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...Furkan Turkal
 
TTL Alfresco Product Security and Best Practices 2017
TTL Alfresco Product Security and Best Practices 2017TTL Alfresco Product Security and Best Practices 2017
TTL Alfresco Product Security and Best Practices 2017Toni de la Fuente
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTyler Shields
 
Firebird Security (in English): The Past and The Future
Firebird Security (in English): The Past and The FutureFirebird Security (in English): The Past and The Future
Firebird Security (in English): The Past and The FutureAlexey Kovyazin
 
Source Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsSource Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsAkond Rahman
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarAshok Panwar
 
Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Alexey Dremin
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleParis Container Day
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersNéstor Salceda
 
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaImplementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaNéstor Salceda
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
How to Secure Containers
How to Secure ContainersHow to Secure Containers
How to Secure ContainersSysdig
 
MeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
MeetUp: Kerberos - Protocol for Authentication & Authorization @CriteoMeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
MeetUp: Kerberos - Protocol for Authentication & Authorization @CriteoGilles Legoux
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005James Morris
 

Similar to Prancer iac security scanner prevents sensitive files to be checked in to remote repositories (20)

Cloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPFCloud Native Networking & Security with Cilium & eBPF
Cloud Native Networking & Security with Cilium & eBPF
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
 
How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]How to Design a Great API (using flask) [ploneconf2017]
How to Design a Great API (using flask) [ploneconf2017]
 
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ... Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ...
 
TTL Alfresco Product Security and Best Practices 2017
TTL Alfresco Product Security and Best Practices 2017TTL Alfresco Product Security and Best Practices 2017
TTL Alfresco Product Security and Best Practices 2017
 
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and DevicesTriangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
Triangle InfoSecCon - Detecting Certified Pre-Owned Software and Devices
 
Firebird Security (in English): The Past and The Future
Firebird Security (in English): The Past and The FutureFirebird Security (in English): The Past and The Future
Firebird Security (in English): The Past and The Future
 
Source Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsSource Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code Scripts
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok Panwar
 
Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9Aleksei Dremin - Application Security Pipeline - phdays9
Aleksei Dremin - Application Security Pipeline - phdays9
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie Frazelle
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
 
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup BarcelonaImplementing Active Security with Sysdig Falco - Docker Meetup Barcelona
Implementing Active Security with Sysdig Falco - Docker Meetup Barcelona
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
How to Secure Containers
How to Secure ContainersHow to Secure Containers
How to Secure Containers
 
MeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
MeetUp: Kerberos - Protocol for Authentication & Authorization @CriteoMeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
MeetUp: Kerberos - Protocol for Authentication & Authorization @Criteo
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005SELinux Kernel Internals and Architecture - FOSS.IN/2005
SELinux Kernel Internals and Architecture - FOSS.IN/2005
 

More from Prancer Io

Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...Prancer Io
 
Prancer Enterprise announces today the release of the Zero Trust Security Val...
Prancer Enterprise announces today the release of the Zero Trust Security Val...Prancer Enterprise announces today the release of the Zero Trust Security Val...
Prancer Enterprise announces today the release of the Zero Trust Security Val...Prancer Io
 
Prancer for Offensive Security Testing
Prancer for Offensive Security TestingPrancer for Offensive Security Testing
Prancer for Offensive Security TestingPrancer Io
 
Why do Next-generation snapshot scanning security solutions raise security co...
Why do Next-generation snapshot scanning security solutions raise security co...Why do Next-generation snapshot scanning security solutions raise security co...
Why do Next-generation snapshot scanning security solutions raise security co...Prancer Io
 
Announcing the launch of Red and Blue Cyber Security Show
Announcing the launch of Red and Blue Cyber Security ShowAnnouncing the launch of Red and Blue Cyber Security Show
Announcing the launch of Red and Blue Cyber Security ShowPrancer Io
 
9 tips for assessing your modern cloud security toolsets.pdf
9 tips for assessing your modern cloud security toolsets.pdf9 tips for assessing your modern cloud security toolsets.pdf
9 tips for assessing your modern cloud security toolsets.pdfPrancer Io
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodePrancer Io
 
IAC Compliance.pdf
IAC Compliance.pdfIAC Compliance.pdf
IAC Compliance.pdfPrancer Io
 
IaC Security and Continuous Compliance
IaC Security and Continuous ComplianceIaC Security and Continuous Compliance
IaC Security and Continuous CompliancePrancer Io
 
IaC Security and Continuous Compliance
IaC Security and Continuous ComplianceIaC Security and Continuous Compliance
IaC Security and Continuous CompliancePrancer Io
 
Security Validation as Code
Security Validation as CodeSecurity Validation as Code
Security Validation as CodePrancer Io
 
Automated Pentesting vs Dynamic Application Security Testing
Automated Pentesting vs Dynamic Application Security TestingAutomated Pentesting vs Dynamic Application Security Testing
Automated Pentesting vs Dynamic Application Security TestingPrancer Io
 
Security Validation
Security ValidationSecurity Validation
Security ValidationPrancer Io
 
Cloud Security Validation at Scale
Cloud Security Validation at ScaleCloud Security Validation at Scale
Cloud Security Validation at ScalePrancer Io
 
Security Validation as Code.pdf
Security Validation as Code.pdfSecurity Validation as Code.pdf
Security Validation as Code.pdfPrancer Io
 
Prancer web interface for the ease of use
Prancer web interface for the ease of usePrancer web interface for the ease of use
Prancer web interface for the ease of usePrancer Io
 
What are the configuration files in the prancer framework
What are the configuration files in the prancer frameworkWhat are the configuration files in the prancer framework
What are the configuration files in the prancer frameworkPrancer Io
 
Automated pentesting vs dynamic application security testing (dast) (2)
Automated pentesting vs dynamic application security testing (dast) (2)Automated pentesting vs dynamic application security testing (dast) (2)
Automated pentesting vs dynamic application security testing (dast) (2)Prancer Io
 
Is iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraIs iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraPrancer Io
 
Prancer web interface for the ease of use
Prancer web interface for the ease of usePrancer web interface for the ease of use
Prancer web interface for the ease of usePrancer Io
 

More from Prancer Io (20)

Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
Prancer Enterprise has achieved SOC 2 Type I compliance in accordance with Am...
 
Prancer Enterprise announces today the release of the Zero Trust Security Val...
Prancer Enterprise announces today the release of the Zero Trust Security Val...Prancer Enterprise announces today the release of the Zero Trust Security Val...
Prancer Enterprise announces today the release of the Zero Trust Security Val...
 
Prancer for Offensive Security Testing
Prancer for Offensive Security TestingPrancer for Offensive Security Testing
Prancer for Offensive Security Testing
 
Why do Next-generation snapshot scanning security solutions raise security co...
Why do Next-generation snapshot scanning security solutions raise security co...Why do Next-generation snapshot scanning security solutions raise security co...
Why do Next-generation snapshot scanning security solutions raise security co...
 
Announcing the launch of Red and Blue Cyber Security Show
Announcing the launch of Red and Blue Cyber Security ShowAnnouncing the launch of Red and Blue Cyber Security Show
Announcing the launch of Red and Blue Cyber Security Show
 
9 tips for assessing your modern cloud security toolsets.pdf
9 tips for assessing your modern cloud security toolsets.pdf9 tips for assessing your modern cloud security toolsets.pdf
9 tips for assessing your modern cloud security toolsets.pdf
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
IAC Compliance.pdf
IAC Compliance.pdfIAC Compliance.pdf
IAC Compliance.pdf
 
IaC Security and Continuous Compliance
IaC Security and Continuous ComplianceIaC Security and Continuous Compliance
IaC Security and Continuous Compliance
 
IaC Security and Continuous Compliance
IaC Security and Continuous ComplianceIaC Security and Continuous Compliance
IaC Security and Continuous Compliance
 
Security Validation as Code
Security Validation as CodeSecurity Validation as Code
Security Validation as Code
 
Automated Pentesting vs Dynamic Application Security Testing
Automated Pentesting vs Dynamic Application Security TestingAutomated Pentesting vs Dynamic Application Security Testing
Automated Pentesting vs Dynamic Application Security Testing
 
Security Validation
Security ValidationSecurity Validation
Security Validation
 
Cloud Security Validation at Scale
Cloud Security Validation at ScaleCloud Security Validation at Scale
Cloud Security Validation at Scale
 
Security Validation as Code.pdf
Security Validation as Code.pdfSecurity Validation as Code.pdf
Security Validation as Code.pdf
 
Prancer web interface for the ease of use
Prancer web interface for the ease of usePrancer web interface for the ease of use
Prancer web interface for the ease of use
 
What are the configuration files in the prancer framework
What are the configuration files in the prancer frameworkWhat are the configuration files in the prancer framework
What are the configuration files in the prancer framework
 
Automated pentesting vs dynamic application security testing (dast) (2)
Automated pentesting vs dynamic application security testing (dast) (2)Automated pentesting vs dynamic application security testing (dast) (2)
Automated pentesting vs dynamic application security testing (dast) (2)
 
Is iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops eraIs iac scanning scalable in the git ops era
Is iac scanning scalable in the git ops era
 
Prancer web interface for the ease of use
Prancer web interface for the ease of usePrancer web interface for the ease of use
Prancer web interface for the ease of use
 

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Prancer iac security scanner prevents sensitive files to be checked in to remote repositories

  • 1. Prancer IaC Security scanner prevents sensitive files to be checked in to remote repositories In this blog post, we want to describe a new feature of Prancer Cloud Security Platform Static Code Analysis (SCA) engine for Infrastructure as Code (IaC). This blog post introduces a new feature that prevents sensitive files to be checked into git repositories. Background information Prancer Cloud Security Platform Static Code Analysis engine scans local and remote git repositories for all types of security misconfiguration. with this new feature, Prancer scanning engine analyzes the git repositories and if it finds any file with possible sensitive data in it, reports back to the DevOps engineers. Sensitive information are usually in the following formats: *.PFX or *.P12 – Personal Information Exchange Format *.PEM – PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate *.CER or *.CRT – Base64-encoded or DER-encoded binary X.509 Certificate *.CRL – Certificate Revocation List
  • 2. *.CSR – Certificate Signing Request *.DER – DER-encoded binary X.509 Certificate *.P7B or *.P7R or *.SPC – Cryptographic Message Syntax Standard .Key – key files How does it work? Prancer Static Code Analysis engine scans the repository for sensitive files. Based on this list of possibly sensitive data, Prancer Static Code Analysis engine provides a report with all files that could contain sensitive information. This is very important when committing these files to repositories due to the risk of leakage of confidential data. On the report page for IaC scans, you can see the result of finding these sensitive data: Noncompliance title: Sensitive files should not be checked into the git repo
  • 3. Noncompliance description: Certain file types contain sensitive information and should not be checked into the git repositories. You need to move these files to a vault and reference them from your code. Prancer checks for the following file types to make sure they are not in the repo: *.PFX or *.P12 – Personal Information Exchange Format *.CER or *.CRT – Base64-encoded or DER-encoded binary X.509 Certificate *.PEM – PEM or Privacy Enhanced Mail is a Base64 encoded DER certificate *.CRL – Certificate Revocation List *.CSR – Certificate Signing Request *.DER – DER-encoded binary X.509 Certificate *.P7B or *.P7R or *.SPC – Cryptographic Message Syntax Standard . Key – key files How to remediate you need to add these extensions to your .gitignore file to prevent them from checking in to your repository. these files need to be moved securely to a vault to be managed securely and then referenced in your code. Conclusion In this blog post, we introduced a new Static Code Analysis engine feature that prevents sensitive files to be checked into git repositories. The latest version of the Prancer Static Code Analysis scanning engine for IaC scans can prevent sensitive data in your code to be checked into the git repositories that will reduce the risk of leakage while increasing the security of your IaC pipeline.