Twistlock was recently acquired by Palo Alto and was subsequently rebranded as Prisma Cloud. Prisma Cloud plays in several categories that overlap with GitLab. Pricing is based on the number of “workload” (aka. pods) that are protected.
Palo Alto’s Prisma Cloud product provides lifecycle security for containerized environments, “from pipeline to perimeter”. Prisma Cloud capabilities include runtime defense, vulnerability management, cloud native firewalls, and pre-built compliance templates for HIPAA, PCI, GDPR, and NIST SP 800-190. It can be integrated into your CI/CD pipeline. Automated and custom policies can block builds or deployments based on vulnerabilities or compliance requirements. Runtime capabilities were recently expanded from only containerized applications to include VMs.
Comparison to GitLab
Prisma Cloud's runtime and container security features are robust, but they do not offer the breadth of GitLab’s security scans. GitLab Ultimate automatically includes broad security scanning with every code commit including Static and Dynamic Application Security Testing, along with dependency scanning, container scanning, and license management. Prisma Cloud is also expensive, while much of the current feature set that GitLab provides is available for free. Additionally, the heavy operational maintenance burden of Prisma Cloud further adds to the cost. If what GitLab provides today can be considered ‘good enough’, then customers can potentially save a huge amount of money.
Prisma Cloud is a decent choice for customers that only need basic vulnerability scanning; however, their vulnerability management tool only intakes data from a single, limited source: known CVEs. This leaves them blind to other vulnerabilities that may be identified through SAST or DAST scans. For customers to properly secure their applications, they should consider a solution that includes good SAST and DAST scanners. Rather than using separate scanners to meet their needs, it will be much simpler and easier to use GitLab, which both has a wide range of scanning capabilities, a native integration with SCM, and has been recognized in the Gartner Magic Quadrant for Application Security Testing (AST).