Prisma Cloud - Pull Request scan validates the policy, even when the policy is disabled (Build policy for Application security)
Created On 02/28/24 04:32 AM - Last Modified 04/25/24 20:38 PM
Question
Why do Application Security scans continue to refer to a Build Policy even after the policy is disabled?
GUI Path: Governance > Policy Status
GUI Path: Governance > Policy Status > Toggle OFF
GUI Path: Governance > Policy Status > Policy status successfully updated
GUI Path: Settings > Audit Logs > Confirms policy disabled
PRs are still failing against this Policy
Environment
Prisma Cloud - Application Security (Bridgecrew)
Answer
After a Build Policy is disabled on the CSPM, the change reaches Application Security/Bridgecrew through a synchronization process that runs every 3 hours. It may therefore take up to 3 hours for the policy change to be reflected on Application Security/Bridgecrew.
PR (Pull Request) comments check the policy on Application Security/Bridgecrew, not in Prisma, so PRs can keep failing against the disabled policy until the synchronization has run.
- For PR and CLI (command line interface) scans, the change will take up to 3 hours to be reflected.
- For periodic scans / manual scans from the projects page, the change will be effective immediately.
Additional Information
View our Prisma Cloud documentation on Application Security here.