Use case scenarios
Infrastructure as Code (IaC) Security
You can use the Prancer platform to security scan your Infrastructure as Code (IaC) based on the compliance standards and policies you have configured. Cloud DevOps engineer gets an early feedback in the process with every commit about the security of the code she is developing before starting the deployment process. Prancer Platform IaC security prevents your DevOps engineers from deploying noncompliant codes to the cloud. Prancer platform can connect to any git provider and read different IaC templates, including cloud-native formats such as Azure ARM templates, AWS CloudFormation, Google Deployment files and Kubernetes Objects. Also third-party IaC solutions like Terraform are supported. If your cloud automation framework relies on custom solutions based on JSON or YAML formats, you can still benefit from Prancer Platform to make sure secure code hits the cloud.
IaC Security follows Policy as Code concepts. All the policies are available in a git repository which can be modified and enhanced.
The major benefit of using Prancer platform for IaC Security is your DevOps engineer does not need to have any credentials in the cloud. Prancer will do the static code analysis on the IaC code with total separation from the cloud environment.
Cloud Continuous Compliance
You can use Prancer platform to continuously compliance scan your cloud implementation. With various compliance standards available out of the box, you can easily make sure your cloud is secure and under compliance. Prancer Platform is equipped with more than 1000 compliance policies, which can be used from day one without any extra effort from your team. Also, it is possible for your security engineers to write custom policies based on the business needs.
Currently, Prancer platform supports Azure, AWS and Google clouds. Kubernetes cluster can also benefit from the Prancer platform for continuous compliance tests.
We have a comprehensive database of policies based on industry compliance frameworks like CIS , NIST 800, PCI, HIPPA, HITRUST, CSA CCM and ISO 27001.
Cloud to git validation
You can use Prancer platform to validate your cloud environment. If you are leveraging the power of Infrastructure as Code (IaC) to provision resources into the cloud, configuration drifts may happen down the road. With the Prancer platform, you can take a snapshot of cloud resource configurations and compare it to the IaC templates you have in your git repository. The Prancer platform can identify any change which happens between the IaC template and actual resources available in the cloud. If there is any drift, you can auto remediate those items as well. This makes sure the IaC template blueprints are always the desired state configuration in the cloud, and if any drifts happen in the cloud, you can spot it and fix it after.
Cloud configuration drifts
The Prancer platform can help you to understand and measure configuration drifts in your cloud environment. It is very possible configuration drifts happens in the cloud because of the operation requirement. After some time, your cloud is not running at the desired state you have planned for it. Prancer takes snapshots from the configurations of the cloud resources over time and stores them in the database. It compares these snapshots with previous versions. It detects any configuration drifts in your environment. You can spot these anomalies easily and fix the problem.
Document cloud environment
The Prancer platform can help you to document the cloud environment. With various cloud connectors, the prancer platform can connect to your cloud environment (Azure, AWS, Google) or Kubernetes clusters and takes snapshots of resource configurations. The Prancer platform converts these snapshots into JSON format and stores them in NoSQL databases. You will have a complete history of the configurations of your cloud environment. You can go back in time to find out a specific resource configuration for your auditing purposes.
Integration with CI/CD pipeline
You can integrate the Prancer platform into your existing Continuous Integration (CI) / Continuous Deployment (CD) pipelines for security testing your templates. This integration is seamless and can automatically detect any security misconfiguration based on the compliance you have to follow. How-tos and sample codes are available for primary CI tools, including Azure DevOps, GitHub Actions, Jenkins, CircleCI, …