@deekayen
Last active January 14, 2022 07:32
Scan a Docker container with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
prisma-cloud:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  services:
    - name: docker:dind
      # Start dockerd with DOCKER_HOST unset inside the service container.
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  variables:
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    # See https://github.com/docker-library/docker/pull/166
    # An empty value turns off dind's automatic TLS; the daemon is reached unencrypted on port 2375.
    DOCKER_TLS_CERTDIR: ""
    IMAGE: $CI_PROJECT_NAME:$CI_COMMIT_SHA
  before_script:
    - docker version
    - docker info
    - apk add --no-cache curl
    # Download twistcli from the Console; credentials come from the project's CI variables.
    - curl -u "$prisma_cloud_compute_username:$prisma_cloud_compute_password" --output ./twistcli "$prisma_cloud_compute_url/api/v1/util/twistcli"
    - chmod +x ./twistcli
    - ./twistcli --version
  # A failed scan shows as a warning and does not block the pipeline.
  allow_failure: true
  script:
    - docker build -t "$IMAGE" .
    - mkdir -p securethecloud
    - docker save "$IMAGE" -o securethecloud/image.tar
    - docker load -i securethecloud/image.tar
    - IMAGEID=$(docker images "$IMAGE" --format "{{.ID}}")
    - ./twistcli images scan --include-js-dependencies --docker-address "$DOCKER_HOST" --details --address "$prisma_cloud_compute_url" -u "$prisma_cloud_compute_username" -p "$prisma_cloud_compute_password" "$IMAGEID"
    # GitLab already stops the job when the scan command above exits non-zero; this check is kept from the original.
    - if [ "$?" = "1" ]; then exit 1; fi
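
An added example, not part of the original gist: a stricter form of the twistcli download step in `before_script`. Without `--fail`, curl saves an HTTP error body as `./twistcli`; these checks stop before that file is made executable. The function names are hypothetical, the URL shape check assumes the SaaS form given in the description, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the twistcli download (names are hypothetical).

# The job appends /api/v1/util/twistcli to this URL and sends basic-auth
# credentials to it, so require https, a tenant path and no trailing slash.
check_console_url() {
  case "$1" in
    https://*) ;;
    *) echo "console URL must use https" >&2; return 1 ;;
  esac
  rest=${1#https://}
  case "$rest" in
    */) echo "remove the trailing slash" >&2; return 1 ;;
    ?*/?*) return 0 ;;
    *) echo "console URL has no tenant path" >&2; return 1 ;;
  esac
}

# True when the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
  magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
  [ "$magic" = "7f454c46" ]
}

# Replacement for the curl/chmod lines: fail on HTTP errors, verify, then chmod.
fetch_twistcli() {
  check_console_url "$prisma_cloud_compute_url" || return 1
  curl --fail --silent --show-error \
    -u "$prisma_cloud_compute_username:$prisma_cloud_compute_password" \
    --output ./twistcli "$prisma_cloud_compute_url/api/v1/util/twistcli" || return 1
  if ! is_elf ./twistcli; then
    echo "downloaded file is not an ELF binary" >&2
    rm -f ./twistcli
    return 1
  fi
  chmod +x ./twistcli
}

# Offline demonstration on constructed files (no network needed).
demo_dir=$(mktemp -d)
printf '\177ELF\002\001\001' > "$demo_dir/good"
printf '<html>401 Unauthorized</html>' > "$demo_dir/bad"
is_elf "$demo_dir/good" && echo "good: looks like ELF"
is_elf "$demo_dir/bad" || echo "bad: rejected"
rm -rf "$demo_dir"
```

In the job, the functions would sit in a script file in the repository, and a single `fetch_twistcli` call would replace the `curl` and `chmod` lines.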