Last active
January 14, 2022 07:32
Scan a Docker container with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
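# GitLab CI job: build the project's image, then scan it with Prisma Cloud
# (Twistlock) twistcli so the results are reported to the Prisma Cloud Console.
# $prisma_cloud_compute_url, $prisma_cloud_compute_username and
# $prisma_cloud_compute_password are expected to come from the project's CI/CD
# variables; mark the credentials as masked so they are not echoed in job logs.
prisma-cloud:
  tags:
    - kubernetes
  stage: test
  # NOTE(review): docker:stable and docker:dind are floating tags; pinning both
  # to a specific version (or digest) keeps the scan environment reproducible.
  image: docker:stable
  services:
    - name: docker:dind
      # Unset DOCKER_HOST in the service container before starting the daemon.
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  variables:
    # Plain-TCP Docker API on the dind service. TLS is disabled below, so this
    # endpoint is unauthenticated and must stay reachable only from this job.
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    # See https://github.com/docker-library/docker/pull/166
    DOCKER_TLS_CERTDIR: ""
    IMAGE: "$CI_PROJECT_NAME:$CI_COMMIT_SHA"
  before_script:
    - docker version
    - docker info
    - apk add --no-cache curl
    # --fail makes curl exit non-zero on an HTTP error (for example rejected
    # credentials) instead of saving the error body as ./twistcli. Variables
    # are quoted so values containing spaces or glob characters pass intact.
    # NOTE(review): the downloaded binary is executed without an integrity
    # check; keep $prisma_cloud_compute_url on https so TLS authenticates it.
    - curl --fail -u "$prisma_cloud_compute_username:$prisma_cloud_compute_password" --output ./twistcli "$prisma_cloud_compute_url/api/v1/util/twistcli"
    - chmod +x ./twistcli
    - ./twistcli --version
  # NOTE(review): with allow_failure the pipeline continues even when this job
  # fails, so scan findings are advisory only. Set it to false if the scan is
  # meant to gate the pipeline.
  allow_failure: true
  script:
    - docker build -t "$IMAGE" .
    - mkdir -p securethecloud
    # Round-trip the image through a tarball, then resolve its local image ID.
    - docker save "$IMAGE" -o securethecloud/image.tar
    - docker load -i securethecloud/image.tar
    - IMAGEID=$(docker images "$IMAGE" --format "{{.ID}}")
    # NOTE(review): -u/-p place the credentials on the command line. twistcli
    # documents TWISTLOCK_USER / TWISTLOCK_PASSWORD environment variables as an
    # alternative; confirm for the version your Console serves.
    - ./twistcli images scan --include-js-dependencies --docker-address "$DOCKER_HOST" --details --address "$prisma_cloud_compute_url" -u "$prisma_cloud_compute_username" -p "$prisma_cloud_compute_password" "$IMAGEID"
    # NOTE(review): GitLab Runner normally stops a job at the first failing
    # command, so this check is probably never reached with a non-zero status;
    # verify before relying on it.
    - if [ "$?" == "1" ]; then exit 1; fi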