# Prisma Cloud CLI
[![Code Quality Check](https://github.com/PaloAltoNetworks/prismacloud-cli/actions/workflows/build.yml/badge.svg)](https://github.com/PaloAltoNetworks/prismacloud-cli/actions/workflows/build.yml)
The Prisma Cloud CLI is a command line interface for [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) by [Palo Alto Networks](https://www.paloaltonetworks.com/).
# Community Supported
This template/solution is released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (Prisma Cloud) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself.
Unless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy.
# Getting started
### Requirements
* Python >= 3.8
* Pip3
### Installation
```sh
pip3 install prismacloud-cli
```
Installation on Alpine:
```sh
sudo pip3 install --upgrade pip && pip3 install --upgrade setuptools
sudo pip3 install prismacloud-cli
```
Installation on Ubuntu:
```sh
sudo apt update
sudo apt install -y python3-venv python3-pip jq
mkdir python_virtual_environments/
cd python_virtual_enviornments/
python3 -m venv prisma_cli_env
source prisma_cli_env/bin/activate
pip3 install prismacloud-cli
```
### Run the script
Run the pc cli script. If you don't have a config file yet, it will help you to create one.
```
pc version
```
This process looks like the screenshot below. the prismacloud-cli asks you for some details, stores it in the credentials file and uses that file when it is already available.
![First run](https://raw.githubusercontent.com/PaloAltoNetworks/prismacloud-cli/main/screenshot.png)
### Create your own configuration
Create an access key from Settings then Access key
Get the path to console from Compute tab, System, Utilities
Create a file into home directory .prismacloud/credentials.json with the following structure.
```json
{
"url": "__REDACTED__",
"identity": "__REDACTED__",
"secret": "__REDACTED__"
}
```
You can add additional configurations which you can call by using --config. For example, create a file
called ~/.prismacloud/demo.json with the contents above.
Add ```--config demo``` to your cli commands.
For example:
```
pc --config demo -o csv policy
```
### Use environment variables for configuration
By setting the environment variables:
```
PC_ACCESS_KEY
PC_SAAS_API_ENDPOINT
PC_SECRET_KEY
```
And then run pc referring to a configuration called environment:
`pc --config environment <command>`
## How to use the Prisma Cloud CLI in pipelines (e.g. Github Actions)
See [Prisma Cloud CLI in GitHub Actions](docs/how-to-use-in-pipelines.md)
## How to enable or disable policies at scale via CSV
See [How to enable or disable policies at scale via CSV](docs/how-to-enable-or-disable-policies-at-scale-via-csv.md)
## Examples
```
pc -o csv policy
pc -o json policy | jq
pc tags
pc stats dashboard
pc -o json stats dashboard
pc cloud name
pc --columns defendersSummary.host stats dashboard
```
## Global options
The following global options are available
```
Options:
-v, --verbose Enables verbose mode.
-vv, --very_verbose Enables very verbose mode.
-o, --output [text|csv|json|html|clipboard|markdown|columns]
-c, --config TEXT Select configuration
~/.prismacloud/[CONFIGURATION].json
--columns TEXT Select columns for output
--help Show this message and exit.
```
Use -o columns to get a list of columns available for --columns, e.g.:
```
pc -o columns images
pc --columns hostname,repoTag.repo,osDistro -o csv images -l 1
```
## Environment variables
To overwrite the default output settings, use environment variables MAX_WIDTH (console output), MAX_ROWS, MAX_COLUMNS and MAX_LINES.
- MAX_LINES is used to defined the maximum number of lines within a cell when wrapping the contents.
## Commands
The cli has several commands to work with, see the screenshot below for an example, but use ```pc --help``` to see the latest list for your version.
![Help](https://raw.githubusercontent.com/PaloAltoNetworks/prismacloud-cli/main/help.png)
## Use cases
### Log4J Impacted Resources
```
pc -o json stats vulnerabilities --cve CVE-2021-44228 | jq
pc stats vulnerabilities --cve CVE-2021-44228
```
Use something similar for getting the *Spring Shell* impacted resources.
### Search scan reports for images scanned by the Jenkins plugin or twistcli.
```
pc scans --help
```
Select only specific columns for the output:
```
pc --columns entityInfo.repoTag.registry,entityInfo.repoTag.repo,entityInfo.repoTag.tag,entityInfo.vulnerabilitiesCount scans -l 20 -s nginx
```
You might also want to add some additional columns and save the output as html:
```
pc --config local -o html --columns entityInfo.repoTag.registry,entityInfo.repoTag.repo,entityInfo.repoTag.tag,entityInfo.vulnerabilitiesCount,entityInfo.vulnerabilityDistribution.critical,entityInfo.vulnerabilityDistribution.high,entityInfo.vulnerabilityDistribution.medium scans -l 20 -s nginx > /tmp/results.html
```
Then, open /tmp/results.html:
![Results](https://raw.githubusercontent.com/PaloAltoNetworks/prismacloud-cli/main/results.png)
### Enable CSPM policies with Prisma Cloud CLI
```
pc policy set --help
pc -vv policy set --status enable --compliance_standard 'CIS v1.4.0 (AWS)'
```
### Disable CSPM policies with Prisma Cloud CLI
```
pc -vv policy set --status disable --compliance_standard 'CIS v1.4.0 (AWS)'
```
### Code Security
The below examples are using Github as integration but it works as well with other integration:
- Bitbucket
- Gitlab
- AzureRepos
- Github Enterprise
- Gitlab Enterprise
- Bitbucket Enterprise
Count the number of unique git authors across all Github repositories:
```
pc -ojson repositories count-git-authors -i Github | jq .
```
Get the details of all CVE across all Github repositories:
```
pc -o json repositories search -i Github -c Vulnerabilities -t packageCve --details | jq .
```
Get all secrets across all Github repositories:
```
pc -o json repositories search -i Github -c Secrets -t violation | jq .
```
Get all drift across all Github repositories:
```
pc repositories search --integration_type Github --categories Drift
```
### Container registries
#### Listing registries
To list all container registries:
```bash
pc registry list
```
#### Triggering Scans
To trigger scans on all registries:
```bash
pc registry scan
```
#### Including Specific Registries
To include specific registries or repositories in the scan:
```bash
pc registry scan --include "registry_name/repo_name" --i "another_registry"
```
#### Excluding Specific Registries
To exclude specific registries or repositories from the scan:
```bash
pc registry scan --exclude "registry_name/repo_name" --e "another_registry"
```
Raw data
{
"_id": null,
"home_page": "https://github.com/PaloAltoNetworks/prismacloud-cli",
"name": "prismacloud-cli",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "prisma cloud cli",
"author": "Steven de Boer, Simon Melotte, Tom Kishel",
"author_email": "stdeboer@paloaltonetworks.com, smelotte@paloaltonetworks.com, tkishel@paloaltonetworks.com",
"download_url": "https://files.pythonhosted.org/packages/f8/a5/4ddc3a0708a5d5d454123645bc2072d64f54a5c68b5eb52e43daa1352130/prismacloud_cli-0.8.8.tar.gz",
"platform": null,
"description": "# Prisma Cloud CLI\n\n[![Code Quality Check](https://github.com/PaloAltoNetworks/prismacloud-cli/actions/workflows/build.yml/badge.svg)](https://github.com/PaloAltoNetworks/prismacloud-cli/actions/workflows/build.yml)\n\nThe Prisma Cloud CLI is a command line interface for [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) by [Palo Alto Networks](https://www.paloaltonetworks.com/).\n\n# Community Supported\nThis template/solution is released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (Prisma Cloud) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself.\n\nUnless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy.\n\n# Getting started\n\n### Requirements\n * Python >= 3.8\n * Pip3\n\n### Installation\n\n```sh\npip3 install prismacloud-cli\n```\n\nInstallation on Alpine:\n```sh\nsudo pip3 install --upgrade pip && pip3 install --upgrade setuptools\nsudo pip3 install prismacloud-cli\n```\n\nInstallation on Ubuntu:\n```sh\nsudo apt update\nsudo apt install -y python3-venv python3-pip jq\nmkdir python_virtual_environments/\ncd python_virtual_enviornments/\npython3 -m venv prisma_cli_env\nsource prisma_cli_env/bin/activate\npip3 install prismacloud-cli\n```\n\n### Run the script\n\nRun the pc cli script. If you don't have a config file yet, it will help you to create one.\n\n```\npc version\n```\n\nThis process looks like the screenshot below. the prismacloud-cli asks you for some details, stores it in the credentials file and uses that file when it is already available.\n\n![First run](https://raw.githubusercontent.com/PaloAltoNetworks/prismacloud-cli/main/screenshot.png)\n\n### Create your own configuration\n\nCreate an access key from Settings then Access key\nGet the path to console from Compute tab, System, Utilities\n\nCreate a file into home directory .prismacloud/credentials.json with the following structure.\n\n```json\n{\n \"url\": \"__REDACTED__\",\n \"identity\": \"__REDACTED__\",\n \"secret\": \"__REDACTED__\"\n}\n```\n\nYou can add additional configurations which you can call by using --config. For example, create a file\ncalled ~/.prismacloud/demo.json with the contents above.\n\nAdd ```--config demo``` to your cli commands.\n\nFor example:\n\n```\npc --config demo -o csv policy\n```\n\n### Use environment variables for configuration\n\nBy setting the environment variables:\n\n```\nPC_ACCESS_KEY\nPC_SAAS_API_ENDPOINT\nPC_SECRET_KEY\n```\n\nAnd then run pc referring to a configuration called environment:\n\n`pc --config environment <command>`\n\n\n## How to use the Prisma Cloud CLI in pipelines (e.g. Github Actions)\nSee [Prisma Cloud CLI in GitHub Actions](docs/how-to-use-in-pipelines.md)\n\n## How to enable or disable policies at scale via CSV\nSee [How to enable or disable policies at scale via CSV](docs/how-to-enable-or-disable-policies-at-scale-via-csv.md)\n\n\n\n## Examples\n```\npc -o csv policy\npc -o json policy | jq\npc tags\npc stats dashboard\npc -o json stats dashboard\npc cloud name\npc --columns defendersSummary.host stats dashboard\n```\n\n## Global options\nThe following global options are available\n\n```\nOptions:\n -v, --verbose Enables verbose mode.\n -vv, --very_verbose Enables very verbose mode.\n -o, --output [text|csv|json|html|clipboard|markdown|columns]\n -c, --config TEXT Select configuration\n ~/.prismacloud/[CONFIGURATION].json\n --columns TEXT Select columns for output\n --help Show this message and exit.\n```\n\nUse -o columns to get a list of columns available for --columns, e.g.:\n\n```\npc -o columns images\npc --columns hostname,repoTag.repo,osDistro -o csv images -l 1\n```\n\n## Environment variables\n\nTo overwrite the default output settings, use environment variables MAX_WIDTH (console output), MAX_ROWS, MAX_COLUMNS and MAX_LINES. \n\n- MAX_LINES is used to defined the maximum number of lines within a cell when wrapping the contents.\n\n## Commands\nThe cli has several commands to work with, see the screenshot below for an example, but use ```pc --help``` to see the latest list for your version.\n\n![Help](https://raw.githubusercontent.com/PaloAltoNetworks/prismacloud-cli/main/help.png)\n\n## Use cases\n\n### Log4J Impacted Resources\n```\npc -o json stats vulnerabilities --cve CVE-2021-44228 | jq\npc stats vulnerabilities --cve CVE-2021-44228\n```\n\nUse something similar for getting the *Spring Shell* impacted resources.\n\n### Search scan reports for images scanned by the Jenkins plugin or twistcli.\n```\npc scans --help\n```\n\nSelect only specific columns for the output:\n\n```\npc --columns entityInfo.repoTag.registry,entityInfo.repoTag.repo,entityInfo.repoTag.tag,entityInfo.vulnerabilitiesCount scans -l 20 -s nginx\n```\n\nYou might also want to add some additional columns and save the output as html:\n\n```\npc --config local -o html --columns entityInfo.repoTag.registry,entityInfo.repoTag.repo,entityInfo.repoTag.tag,entityInfo.vulnerabilitiesCount,entityInfo.vulnerabilityDistribution.critical,entityInfo.vulnerabilityDistribution.high,entityInfo.vulnerabilityDistribution.medium scans -l 20 -s nginx > /tmp/results.html\n```\n\nThen, open /tmp/results.html:\n\n![Results](https://raw.githubusercontent.com/PaloAltoNetworks/prismacloud-cli/main/results.png)\n\n\n### Enable CSPM policies with Prisma Cloud CLI\n\n```\npc policy set --help\npc -vv policy set --status enable --compliance_standard 'CIS v1.4.0 (AWS)'\n```\n\n### Disable CSPM policies with Prisma Cloud CLI\n\n```\npc -vv policy set --status disable --compliance_standard 'CIS v1.4.0 (AWS)'\n```\n\n### Code Security\n\nThe below examples are using Github as integration but it works as well with other integration: \n- Bitbucket\n- Gitlab\n- AzureRepos\n- Github Enterprise\n- Gitlab Enterprise\n- Bitbucket Enterprise\n\nCount the number of unique git authors across all Github repositories: \n```\npc -ojson repositories count-git-authors -i Github | jq .\n```\n\nGet the details of all CVE across all Github repositories: \n```\n pc -o json repositories search -i Github -c Vulnerabilities -t packageCve --details | jq .\n```\n\nGet all secrets across all Github repositories: \n```\npc -o json repositories search -i Github -c Secrets -t violation | jq .\n```\n\nGet all drift across all Github repositories: \n```\npc repositories search --integration_type Github --categories Drift\n```\n\n\n### Container registries \n\n#### Listing registries\nTo list all container registries: \n\n```bash\npc registry list\n```\n\n#### Triggering Scans\nTo trigger scans on all registries:\n\n```bash\npc registry scan\n```\n\n#### Including Specific Registries\nTo include specific registries or repositories in the scan:\n\n```bash\npc registry scan --include \"registry_name/repo_name\" --i \"another_registry\"\n```\n\n#### Excluding Specific Registries\nTo exclude specific registries or repositories from the scan:\n\n```bash\npc registry scan --exclude \"registry_name/repo_name\" --e \"another_registry\"\n```\n",
"bugtrack_url": null,
"license": "BSD",
"summary": "Prisma Cloud CLI",
"version": "0.8.8",
"project_urls": {
"Homepage": "https://github.com/PaloAltoNetworks/prismacloud-cli"
},
"split_keywords": [
"prisma",
"cloud",
"cli"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "3499f40ae5df4196510841511f8df9ffb1ba939f0cde166cb067eafc453687be",
"md5": "e3ab32e74b0c9f08065737ef4ea7b497",
"sha256": "352171a9dee7b9afc06c712489c0ab3dfefddc48fd717e30c85e35a783215dd0"
},
"downloads": -1,
"filename": "prismacloud_cli-0.8.8-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e3ab32e74b0c9f08065737ef4ea7b497",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 55978,
"upload_time": "2024-05-07T10:06:54",
"upload_time_iso_8601": "2024-05-07T10:06:54.617759Z",
"url": "https://files.pythonhosted.org/packages/34/99/f40ae5df4196510841511f8df9ffb1ba939f0cde166cb067eafc453687be/prismacloud_cli-0.8.8-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "f8a54ddc3a0708a5d5d454123645bc2072d64f54a5c68b5eb52e43daa1352130",
"md5": "c7364f7818ce3d522e9a977d8a4121ab",
"sha256": "d4271a16b04d9b1658e6d51ae4b5e2b6bc8f0de49973d8a970172a5744ddd471"
},
"downloads": -1,
"filename": "prismacloud_cli-0.8.8.tar.gz",
"has_sig": false,
"md5_digest": "c7364f7818ce3d522e9a977d8a4121ab",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 42821,
"upload_time": "2024-05-07T10:06:56",
"upload_time_iso_8601": "2024-05-07T10:06:56.902628Z",
"url": "https://files.pythonhosted.org/packages/f8/a5/4ddc3a0708a5d5d454123645bc2072d64f54a5c68b5eb52e43daa1352130/prismacloud_cli-0.8.8.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-07 10:06:56",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "PaloAltoNetworks",
"github_project": "prismacloud-cli",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "prismacloud-cli"
}