Open-Source Projects

Prisma® Cloud by Palo Alto Networks is committed to open source and the community behind our open-source tools and the tools we support.

Committed to Open Source

We're dedicated to simplifying and securing your cloud-native applications, and open source is part of this mission. Our cutting-edge, open-source tools are designed to champion cloud-native best practices with a focus on enhancing security.


Key open-source contributions


Extensible policy as code

Checkov is a command-line interface (CLI) that scans infrastructure as code (IaC) for misconfigurations and exposed secrets. Coverage includes Terraform®, Terraform plan, CloudFormation, Kubernetes®, Dockerfile, serverless and ARM templates and more.

  • Integrate as a guardrail for CI/CD pipelines.

  • Include graph-based analysis for context-aware policies.

  • Add custom policies in Python or YAML.


Automated tag-and-trace

Yor tags IaC templates with attribution and ownership details, unique IDs that get carried across to cloud resources, improving root cause analysis, operational efficiency and financial attribution.

  • Automate tagging as a pre-commit hook or in a CI/CD pipeline.

  • Include tracing details to decrease mean time to resolution (MTTR).

  • Add custom tags for your own attribute needs.

CI/CD Goat

Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags.

The CI/CD Goat project offers a practical, engaging way to learn CI/CD security with 11 hands-on challenges in a real CI/CD environment. Participants can deepen their expertise across various security risks through scenarios that progressively increase in difficulty.

  • Tackle 11 targeted challenges in an authentic CI/CD setting.

  • Learn to mitigate the OWASP Top 10 CI/CD Security Risks through interactive, scenario-based exercises.

  • Enjoy a unique learning experience with each challenge themed after a character from “Alice in Wonderland.”

CI/CD Goat

Least privilege AWS® IAM using Terraform

AirIAM scans AWS IAM for activity and generates a Terraform template with least-privilege access.

  • Reduce the attack surface by identifying unused users, roles and permissions.

  • Generate usage-based policies for least-privileged access.

  • Create Terraform code for IAM policies for version control and collaboration.


Additional Open-Source Projects


Vulnerable-by-design Terraform files for training and learning.


Script for detecting the WireLurker malware family.


Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego.


IronSkillet is a set of day-one configuration templates for PAN-OS® to enable alignment with security best practices.


Vulnerable-by-design CloudFormation files for training and learning.

Prisma Cloud CSPM Terraform provider

Terraform provider to provision and manage Prisma Cloud CSPM.

Prisma Enhanced Remediation

Create custom autoremediation solutions using serverless functions in the cloud.


Vulnerable-by-design AWS CDK files for training and learning.

Prisma Cloud Compute Terraform provider

Terraform provider to manage Compute configurations and rulesets.

Prisma Cloud Compute Operator

Kubernetes and OpenShift operator to deploy and manage Compute consoles and Defenders.

Prisma Cloud Compute GitHub Action

Scan container images using GitHub Actions.

Prisma Cloud Compute GitLab integration

Example code for scanning container images from GitLab.

Prisma Cloud Compute Codefresh Integration

Run a container image scan from your Codefresh pipelines.

Prisma Cloud Compute Travis CI integration

Example code for scanning container images from Travis CI.