View exposure and runtime context from Cortex in Semgrep AppSec Platform

The Semgrep Cortex integration can ingest exposure and runtime context from your Cortex instance. This allows you to prioritize findings based on deployment status and internet exposure status.

Prerequisites

Before proceeding, ensure that you have:

  • A Cloud Posture Security license
  • The following tools and integrations set up in your Cortex instance:
    • A cloud service provider, such as AWS, GCP, or Azure
    • A version control system integration, such as GitHub or GitLab
    • A CI tool integration, such as Jenkins or CircleCI
      • If you use GitHub Actions for your CI/CD pipeline and you've onboarded a GitHub Cloud or GitHub Server VCS integration, you don't have to configure a GitHub Actions integration separately.
    • A Kubernetes connector if your resources are deployed in a Kubernetes cluster
  • Generated a Standard API key and saved the following values:
    • API key
    • API key ID
  • Set up a connection between Semgrep and your source code manager (SCM)

Enable the Cortex integration

  1. Sign in to Semgrep AppSec Platform.

  2. Navigate to Settings > Integrations.

  3. Navigate to Integrations, and click + Add > Cortex.

     Figure: Add a new Cortex integration.

     Figure: Add Cortex as an additional integration.

  4. In the dialog that appears, provide the following information:

    1. FQDN: This is the unique host and domain name associated with your Cortex tenant. It usually takes the format https://your-tenant.xdr.your-region.paloaltonetworks.com/.
    2. API key ID: This is generated when you create an API key in Cortex.
    3. API key: This is generated when you create an API key in Cortex.

     Figure: Configure the Cortex integration.

  5. Click Connect.

     Figure: Successfully configured Cortex integration.

  6. Within several hours, you should see Deployment and Exposure status for each project on the project settings page.

     Figure: Cortex data in Project Settings.

Limitations

  • Each Semgrep deployment can only have one Cortex integration.
  • The exposure and runtime context data are only synced for Semgrep projects that are connected to SCMs and have been scanned within the previous 30 days.
  • The integration syncs your data every 24 hours (this feature will be available soon), but it may take up to 1-2 days for Semgrep to reflect any changes to your repositories and infrastructure.
  • Internet exposure detection is not supported for AWS Classic Load Balancers.

Troubleshooting

If you see a Connection Error message under your Cortex integration

If you see the Connection Error message under your Cortex integration, there was an issue establishing a connection or running a sync job for a provider you have connected. Check your connection settings to verify that your configuration is correct.

If the connection settings are correct, contact Support for further assistance.

Figure: Error with the Cortex integration.

If you're not seeing data in your project settings page

If you're not seeing data for your project in the project settings page:

  • Wait for one day for your data to sync.
  • Confirm that an image of the project has been deployed in your infrastructure that Cortex has access to.
  • If, after one day, you're still not seeing data, ensure that you meet the integration's prerequisites.
  • If, after one day, you meet the integration's prerequisites and confirmed deployment, contact Support for further assistance.