Merge pull request #984 from tsmithv11/patch-25

Update Checkov permissions
hlxsites · Nov 18, 2024 · 2c6ec77 · 2c6ec77
2 parents 936acec + b9eb65e
commit 2c6ec77
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/...curity/get-started/connect-code-and-build-providers/ci-cd-runs/add-checkov.adoc b/...curity/get-started/connect-code-and-build-providers/ci-cd-runs/add-checkov.adoc
@@ -11,9 +11,14 @@ See https://www.checkov.io/2.Basics/Visualizing%20Checkov%20Output.html[Visualiz
 [.procedure]
 
 . Before you begin.
+.. Grant the user installing Checkov either the Developer, AppSec Admin, or System Admin role within Prisma.  If you prefer to use a custom permission group, Checkov requires:
+
+* Policies: Policies - 'View' permissions
+* Application Security: Projects - 'View' permissions
+* Settings: Providers - ('View' and 'Create') OR ('View' and 'Update') permissions
+
 .. xref:../../../../administration/create-access-keys.adoc[Generate and copy the Prisma Cloud access key] to enable access to Prisma Cloud. The access key includes a key ID and secret.
 .. Add the Prisma Cloud IP addresses and hostname for Application Security to an xref:../../../../get-started/console-prerequisites.adoc[allow list] to enable access to the Prisma Cloud Console. 
-.. Grant *Administrator* permissions in the relevant organization to the Prisma user installing Checkov.
 .. Best Practice (*Mandatory* for SCA vulnerability suppression): 
 +
 * Run Checkov within your current working directory (<current_directory_path>). It is recommended to use the absolute file path for your current working directory