# Software Supply Chain Security

Harden your CI/CD pipelines, reduce your attack surface, and protect your application development environment.

[Request a demo](https://www.paloaltonetworks.cn/cortex/cloud/trial?ts=markdown)

![AppSec dashboard](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/supply-chain-security/Supply-Chain-Graph.png)

## Attacks on engineering ecosystems are growing rapidly in both number and sophistication.

According to Gartner, organizations must secure their delivery pipelines to stay secure in the cloud. Cortex® Cloud provides a powerful yet simple way to gain visibility and control across the application delivery pipeline.

### Supply chain attacks can carry enormous risk

Cloud-native applications rely on large numbers of dependencies and third-party software. A comprehensive view of this diverse ecosystem of dependencies and software is essential to understanding all potential security risks.

### The software supply chain is often overlooked

Many technologies connect to the software supply chain (which is essential for automated control) and have access to source code and runtime environments. But traditional AppSec programs do not recognize this source of risk, and therefore do not include CI/CD pipelines in their attack surface monitoring workflows.

### Siloed security tools lead to coverage gaps

Without the full context of the application infrastructure, it is impossible to determine whether an identified risk is actually exposed in the application. Only by connecting visibility across the entire delivery pipeline and runtime do security issues surface in the context of the whole codebase, allowing better prioritization and faster resolution.

## Secure the software supply chain without slowing development.

* Scan every code artifact and dependency to secure the pipeline
* Protect against the OWASP Top 10 CI/CD Security Risks
* Granular controls stop insecure code from reaching production

* Code inventory and visibility
* Secrets scanning
* Registry scanning
* Trusted image enforcement

## Our approach to software supply chain security

### Centralized visibility across the entire engineering ecosystem

Cloud-native engineering ecosystems are growing more complex, which makes it hard for AppSec teams to get the comprehensive visibility they need to provide protection. A unified inventory of the languages, frameworks, tools and executables in the ecosystem is the first step toward a secure software supply chain. Cortex Cloud brings all technologies in use, and their associated security risks, together in a single view.

#### Scan languages and repositories with unmatched precision

Identify security risks across code types for all mainstream languages.

#### Correlate infrastructure and application risk

Focus on the critical risks exposed in the codebase, eliminate false positives, and prioritize remediation faster.

#### Visualize the software supply chain

Get a consolidated inventory of CI/CD pipelines and code risks across the entire engineering ecosystem.

#### Catalog the software supply chain

Generate a software bill of materials (SBOM) to track all sources of application risk and understand your attack surface.

![VCS organization](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/supply-chain-security/VCS-Organization.png)

### Posture management for the delivery pipeline

Cloud attacks frequently target CI/CD pipelines and the software supply chain, exposing organizations to code injection, credential theft, data exfiltration and intellectual property theft. Organizations must respond by adopting new security practices. Security issues mapped to the OWASP Top 10 risks can help identify attack vectors and provide guidance on how to address software supply chain security.

#### Gain insight into your software supply chain security posture

Proactively prevent attacks with native controls, identifying missing branch protection rules, insecure pipeline configurations and potentially compromised pipelines.

#### Reveal paths of intrusion

Adopt key security safeguards and harden pipelines step by step, so that bad actors cannot exploit supply chain weaknesses to reach production or run malicious code.

#### Identify credentials exposed in the pipeline

Find plaintext credentials in webhooks and pipeline logs that could be stolen and abused.

#### Create and enforce custom policies across the software development lifecycle

Integrate vulnerability management to scan repositories, registries, CI/CD pipelines and runtime environments.

![Posture management](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/supply-chain-security/Posture-Management.png)

### Consistent security across the entire application lifecycle

Use the Cortex platform for consistent security from code to cloud to SOC. Unified data, AI and automation form an adaptive defense that stops threats instantly at the source.

#### Identify risks in code as developers build and test software

Check packages and images for vulnerabilities and compliance issues in repositories such as GitHub and registries such as Docker, Quay and Artifactory.

#### Lock deployments down to vetted images and templates only

Use Cortex Cloud code scanning and container sandbox analysis to identify malicious code and applications and block them from reaching production.

#### Capture detailed forensics for every audit or security event

Forensic details are collected automatically and securely in a powerful timeline view for incident response. You can view the data in Cortex Cloud or send it to other systems for deeper analysis.

#### Prevent dangerous activity in any runtime environment

Manage runtime policies from a central console to ensure security is always part of every deployment. Mapping incidents to the MITRE ATT&CK® framework, together with detailed forensics and rich metadata, helps SOC teams track threats against ephemeral cloud-native workloads.

#### Context-aware security

With a complete cloud developer inventory, configuration assessment, automated remediation and more, detect and block at runtime the misconfigurations and vulnerabilities that lead to data breaches and compliance violations.

![ASPM Command Center](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/supply-chain-security/ASPM%20Command-Center.png)

## More application security capabilities

### Infrastructure as code security

Automated IaC security embedded in developer workflows

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/infrastructure-as-code-security?ts=markdown)

### Software composition analysis (SCA)

Highly accurate, context-aware open source security and license compliance

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/software-composition-analysis?ts=markdown)

### Application security posture management

Keep risk from reaching production and fix issues quickly at the source.

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/application-security-posture-management?ts=markdown)

### Secrets security

Full-stack, multidimensional secrets scanning across repositories and pipelines.

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/secrets-security?ts=markdown)

Copyright © 2025 Palo Alto Networks. All rights reserved.