Prisma Cloud Application Security: How to suppress CVE findings in CICD Runs via API
Objective
This article shows how to suppress Prisma Cloud Application Security CVE findings that appear in CICD Runs by calling the API.
Environment
- Prisma Cloud
- Checkov
- API Platform
Procedure
To suppress the desired CVE findings seen in your CICD Run via the API, use the following endpoint and payload.
Method: POST
Endpoint: https://api.prismacloud.io/code/api/v1/suppressions/BC_VUL_2
- Please note that your endpoint depends on the API gateway assigned to your Prisma Cloud URL. For example, customers on app2.prismacloud.io use the following endpoint:
- https://api2.prismacloud.io/code/api/v1/suppressions/BC_VUL_2
- For more information on your API gateway, please see here.
Payload:
{
  "comment": "test123",
  "expirationTime": 0,
  "origin": "string",
  "accountIds": "org/repo",
  "suppressionType": "CvesAccounts",
  "cves": [
    "CVE-1111-1111"
  ]
}
Please note that the accountIds value must be the full name of the organization and repository, including the numeric prefix shown within a CICD Run.
Example:
"accountIds": "817425256251008000_test/apitest"
When the suppression is applied via the API, it is reflected in the UI on the next CICD run.
Please also note that the --use-enforcement-rules parameter must be included in your Checkov scans in order for the suppression to be honored in the CLI output.
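The following is an added example (not part of the original article or of Prisma Cloud's own tooling) that builds the CvesAccounts payload above, checks that the CVE ids and the accountIds value have the shape the article describes, and POSTs it to the gateway-specific BC_VUL_2 endpoint. The gateway host, the environment variable names and the use of a bearer JWT in the `authorization` header are assumptions.

```python
"""Build and submit a Prisma Cloud Code Security CVE suppression (BC_VUL_2)."""
import json
import os
import re
import urllib.request

# Identifier shapes taken from the article: CVE ids like "CVE-1111-1111" and an
# accountIds value that carries the numeric prefix shown in the CICD Run,
# e.g. "817425256251008000_test/apitest".
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
ACCOUNT_RE = re.compile(r"^\d+_[^/\s]+/[^/\s]+$")


def suppression_url(gateway="api.prismacloud.io"):
    """Endpoint depends on the API gateway assigned to the tenant (api, api2, ...)."""
    return f"https://{gateway}/code/api/v1/suppressions/BC_VUL_2"


def build_payload(cves, account_id, comment, expiration_time=0, origin="string"):
    """Return the CvesAccounts suppression payload, rejecting malformed ids.

    `origin` is a free-text label; the article's sample uses the placeholder "string".
    """
    bad = [c for c in cves if not CVE_RE.match(c)]
    if bad:
        raise ValueError(f"malformed CVE ids: {bad}")
    if not ACCOUNT_RE.match(account_id):
        raise ValueError("accountIds must be '<numeric id>_<org>/<repo>' as shown in the CICD Run")
    return {
        "comment": comment,
        "expirationTime": expiration_time,
        "origin": origin,
        "accountIds": account_id,
        "suppressionType": "CvesAccounts",
        "cves": list(cves),
    }


def submit_suppression(token, payload, gateway="api.prismacloud.io"):
    """POST the payload; `token` is a Prisma Cloud JWT (header name is an assumption)."""
    req = urllib.request.Request(
        suppression_url(gateway),
        data=json.dumps(payload).encode(),
        headers={"content-type": "application/json", "authorization": token},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    body = build_payload(["CVE-1111-1111"], "817425256251008000_test/apitest", "test123")
    print(submit_suppression(os.environ["PRISMA_JWT"], body, os.environ.get("PRISMA_GATEWAY", "api.prismacloud.io")))
```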