Application Security provides unified visibility and control over app security throughout the lifecycle, identifying vulnerabilities to protect data and integrity.
The Cortex Cloud Application Security module provides comprehensive security for your applications throughout their entire lifecycle. It offers unified visibility and control over your application's security from development through to deployment.
Use cases
Application Security Posture Management (ASPM): Provides a consolidated view of application risks and vulnerabilities across your environment, enabling you to understand and manage your overall security posture. For more information, refer to Application Security Posture Management (ASPM).
Supply chain security: Focuses on securing your continuous integration and continuous delivery pipelines, ensuring the integrity and security of your automated build and deployment processes. For more information, refer to Software supply chain security.
Code security: Identifies and helps mitigate security issues directly within your source code, including vulnerabilities in Infrastructure-as-Code (IaC) and open-source components, from the earliest stages of development. For more information, refer to Code Security.
Workflows
Cortex Cloud Application Security can be accessed and managed through multiple workflows tailored to different stages of your software development lifecycle, though not all workflows support every feature:
UI (Tenant): The default, centralized console interface that provides comprehensive access to all Application Security content, configurations, and visibility dashboards
API: Available for programmatic management, automated integrations, and bulk operations where supported
CLI: Enables shift-left security by allowing you to run local scans or embed security checks directly into your CI/CD pipelines
IDE: Surfaces security findings and remediation guidance directly within the developer's local coding environment
Terraform: Automates the management of ASPM integrations, configurations, policies, and rules at scale using Infrastructure-as-Code
Workflow documentation: Instructions are integrated throughout this guide where applicable (for example, Unified AppSec Policy covers all workflows). Additionally, dedicated user guides are available for the CLI and IDE, while API and Terraform workflows are covered both here and in their respective reference guides.
License requirements
To enable and utilize the components of the Application Security module, an active base license is required.
Note
While some features are included by default, others require a dedicated add-on purchase.
Base licenses
You must have at least one of the following active base licenses to access the Application Security module:
Cloud Posture Security or Cloud Runtime Security
XSIAM Premium
Module components
Application Security Posture Management (ASPM): Included with base license
Supply Chain Security: Included with base license
Code security: Requires a separate Application Security Add-on purchase in addition to your existing Cloud (Posture or Runtime) or XSIAM Premium base license
Upgrade from Prisma Cloud to Cortex Cloud
Prisma Cloud customers can use the Upgrade Helper to copy Application Security data and configurations from their Prisma Cloud tenant to their new Cortex Cloud tenant. For more information, refer to Upgrade from Prisma Cloud to Cortex Cloud.