Scan a Docker container with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
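# GitLab CI job: build the project image, scan it with Prisma Cloud Compute
# (twistcli) and report the findings to the Prisma Cloud console.
#
# prisma_cloud_compute_url / _username / _password are expected to come from
# the project's CI/CD variables. Mark them "Masked" in the GitLab settings so
# they are redacted from the job log: they are passed on the command line
# below (curl -u, twistcli -u/-p) and are therefore also visible to `ps`
# inside the job container for the duration of those commands.
prisma-cloud:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  services:
    - name: docker:dind
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  variables:
    # The dind service is reached over plain TCP on port 2375 with TLS
    # disabled (empty DOCKER_TLS_CERTDIR); this only stays acceptable while
    # the daemon is reachable solely from this job's service network.
    # See https://github.com/docker-library/docker/pull/166
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
    # NOTE(review): CI_PROJECT_NAME is used verbatim as the image name;
    # Docker rejects repository names with uppercase letters — confirm the
    # project name is lowercase or derive the tag differently.
    IMAGE: $CI_PROJECT_NAME:$CI_COMMIT_SHA
  before_script:
    - docker version
    - docker info
    - apk add --no-cache curl
    # --fail aborts here on an HTTP error (wrong URL or credentials) instead
    # of saving the server's error page as ./twistcli, which would only
    # surface later as a confusing "twistcli --version" failure. Variables
    # are quoted so a URL or password containing shell specials stays intact.
    - curl --fail --silent --show-error -u "$prisma_cloud_compute_username:$prisma_cloud_compute_password" --output ./twistcli "$prisma_cloud_compute_url/api/v1/util/twistcli"
    - chmod +x ./twistcli
    - ./twistcli --version
  # Scan results never block the pipeline: a failing scan marks the job as
  # a warning only. Remove this once the compliance/vulnerability policy is
  # tuned enough for findings to gate the merge.
  allow_failure: true
  script:
    - docker build -t "$IMAGE" .
    - mkdir -p securethecloud
    # The save/load round trip leaves an image tarball in ./securethecloud;
    # the image is already present in the daemon, so the load is a no-op
    # unless that tarball is consumed elsewhere (no artifacts: block here).
    - docker save "$IMAGE" -o securethecloud/image.tar
    - docker load -i securethecloud/image.tar
    - IMAGEID=$(docker images "$IMAGE" --format "{{.ID}}")
    - ./twistcli images scan --include-js-dependencies --docker-address "$DOCKER_HOST" --details --address "$prisma_cloud_compute_url" -u "$prisma_cloud_compute_username" -p "$prisma_cloud_compute_password" "$IMAGEID"
    # GitLab runs script lines with errexit, so a non-zero twistcli exit
    # already fails the job before this line; the explicit check is kept for
    # readability and uses the POSIX "=" so it also works under busybox sh.
    - if [ "$?" = "1" ]; then exit 1; fi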