US 12,248,586 B2
Auto generating build time policies from run time policies for shift left security
Krishnan Shankar Narayan, San Jose, CA (US); and Shrikumar Narayan Chari, Cupertino, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Dec. 31, 2021, as Appl. No. 17/646,691.
Prior Publication US 2023/0214506 A1, Jul. 6, 2023
Int. Cl. G06F 17/00 (2019.01); G06F 21/60 (2013.01)
CPC G06F 21/604 (2013.01)
20 Claims
 
1. A computer implemented method comprising:
tokenizing a plurality of application programming interface (API) specifications and a set of one or more infrastructure as code (IaC) configuration files;
for at least a first resource model in the set of IaC configuration files, identifying a first of the plurality of API specifications that satisfies a mapping criterion;
based on identifying the first API specification, mapping tokens of the first API specification to tokens of the first resource model according to token matching rules; and
generating, with the token mappings, a mapping model for converting a runtime rule query for a security policy to a buildtime query applicable to the set of IaC configuration files.
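
The four steps of claim 1 can be sketched as below. This is an added illustration, not code from the patent or from Palo Alto Networks. The sample API specifications, the resource model, the token-overlap mapping criterion, the Jaccard matching rule with its 0.5 threshold, and the dict-shaped queries are all assumptions constructed for the example.

```python
import re

# Constructed inputs (not from the patent): two API specs and one IaC resource model.
API_SPECS = {
    "storage.bucket": ["name", "publicAccessBlock.blockPublicAcls",
                       "versioning.enabled", "encryption.kmsKeyId"],
    "compute.instance": ["name", "networkInterfaces.publicIp", "disks.encrypted"],
}
RESOURCE_TYPE = "cloud_storage_bucket"
RESOURCE_ATTRS = ["bucket_name", "block_public_acls", "versioning_enabled", "kms_key_id"]

def tokenize(name):
    """Split dotted, snake_case and camelCase names into a set of lowercase tokens."""
    return {w.lower() for w in re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+", name)}

def overlap(a, b):
    """Jaccard similarity of two token sets (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def pick_api_spec(resource_type, specs):
    """Assumed mapping criterion: the spec name sharing the most tokens with the type."""
    return max(specs, key=lambda s: overlap(tokenize(s), tokenize(resource_type)))

def build_mapping(resource_type, attrs, specs, threshold=0.5):
    """Assumed token matching rule: best Jaccard match at or above the threshold."""
    api = pick_api_spec(resource_type, specs)
    fields = {}
    for field in specs[api]:
        best = max(attrs, key=lambda a: overlap(tokenize(field), tokenize(a)))
        if overlap(tokenize(field), tokenize(best)) >= threshold:
            fields[field] = best
    return {"api": api, "resource": resource_type, "fields": fields}

def to_buildtime(query, model):
    """Rewrite a runtime rule query (assumed dict form) against the IaC resource model."""
    if query["api"] != model["api"] or query["field"] not in model["fields"]:
        raise KeyError("no build-time mapping for this runtime query")
    return {"resource": model["resource"], "attribute": model["fields"][query["field"]],
            "op": query["op"], "value": query["value"]}

def violates(bt_query, resource):
    """Evaluate an equality ('==') build-time query against one parsed IaC resource."""
    return (resource["type"] == bt_query["resource"]
            and resource["attrs"].get(bt_query["attribute"]) == bt_query["value"])

MODEL = build_mapping(RESOURCE_TYPE, RESOURCE_ATTRS, API_SPECS)
RUNTIME_QUERY = {"api": "storage.bucket", "field": "publicAccessBlock.blockPublicAcls",
                 "op": "==", "value": False}
BUILD_QUERY = to_buildtime(RUNTIME_QUERY, MODEL)
```

A runtime query whose API or field has no entry in the mapping model raises `KeyError` instead of silently producing a build-time query that checks nothing.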