Scan a Docker container with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
prisma-cloud:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  services:
    - name: docker:dind
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  variables:
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    # See https://github.com/docker-library/docker/pull/166
    # An empty value turns off dind's automatic TLS, matching the plain-TCP DOCKER_HOST above.
    DOCKER_TLS_CERTDIR: ""
    IMAGE: $CI_PROJECT_NAME:$CI_COMMIT_SHA
  before_script:
    - docker version
    - docker info
    - apk add --no-cache curl
    # Fetch twistcli from the Console; --fail stops the job on an HTTP error instead of saving the error body as ./twistcli.
    - curl --fail -u "$prisma_cloud_compute_username:$prisma_cloud_compute_password" --output ./twistcli "$prisma_cloud_compute_url/api/v1/util/twistcli"
    - chmod +x ./twistcli
    - ./twistcli --version
  allow_failure: true
  script:
    - docker build -t "$IMAGE" .
    - mkdir -p securethecloud
    - docker save "$IMAGE" -o securethecloud/image.tar
    - docker load -i securethecloud/image.tar
    - IMAGEID=$(docker images "$IMAGE" --format "{{.ID}}")
    - ./twistcli images scan --include-js-dependencies --docker-address "$DOCKER_HOST" --details --address "$prisma_cloud_compute_url" -u "$prisma_cloud_compute_username" -p "$prisma_cloud_compute_password" "$IMAGEID"
    - if [ "$?" = "1" ]; then exit 1; fi
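
The description's requirements for the CI variables and the console URL form can be checked before the job downloads twistcli. The following is an added example, not part of the original gist; the function names and the acceptance rules (https, a tenant path as in the example URL, no `api2.` host, no trailing slash) are assumptions drawn from the description.

```shell
#!/bin/sh
# Added example: pre-flight check for the CI variables the job relies on.
# The acceptance rules are assumptions based on the gist description.

# check_console_url URL: succeed only if URL has the shape
# https://<host>/<tenant-path>, as in the description's example.
check_console_url() {
    url=$1
    case $url in
        https://*) ;;
        *) echo "console URL must start with https://" >&2; return 1 ;;
    esac
    rest=${url#https://}
    host=${rest%%/*}
    path=${rest#"$host"}
    case $host in
        "") echo "console URL has no host" >&2; return 1 ;;
        *@*) echo "do not embed credentials in the URL" >&2; return 1 ;;
        api2.*) echo "api2.* is not the Compute console address" >&2; return 1 ;;
    esac
    # The job appends /api/v1/util/twistcli itself, so the value must end
    # at the tenant path: no trailing slash and no /api suffix.
    case $path in
        ""|/) echo "console URL is missing the tenant path" >&2; return 1 ;;
        */|*/api|*/api/*) echo "console URL must end at the tenant path" >&2; return 1 ;;
    esac
    return 0
}

# preflight: return 2 if a variable is unset or empty, 1 if the URL is
# malformed, 0 otherwise. Variable names only are printed, never values.
preflight() {
    for name in prisma_cloud_compute_url prisma_cloud_compute_username \
                prisma_cloud_compute_password; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "CI variable $name is not set" >&2
            return 2
        fi
    done
    check_console_url "$prisma_cloud_compute_url"
}
```

Saved in the repository and sourced as the first `before_script` step, `preflight` fails the job with a named cause before any credential is sent to the wrong host.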