Twistlock - matthewfincher/blacksky GitHub Wiki
Tech Support Michael: 202-431-8526

- Name: SecDevOps-Twistlock
- OS: CentOS 7
- Instance Type: c4.xlarge

NOTE: c4.xlarge was selected because Twistlock registry scanning requires 2GB of RAM and 4 CPUs.

```shell
ssh -i "SecDevOps-001.pem" [email protected]
```

- Twistlock Console: http://52.91.171.62:8081
- UN: Admin
- PW: `<breakfast>`

NOTE: Twistlock is registered with a developer license.
## Install Twistlock Console and Defender

```shell
$ sudo yum update

# Docker
$ sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
$ sudo yum install docker-engine -y
$ sudo service docker start
$ docker run hello-world

# twistlock
$ sudo yum install wget -y
$ wget https://cdn.twistlock.com/cc6aaa98/twistlock-1-5-48.tar.gz
$ tar xzf twistlock-1-5-48.tar.gz   # unpack the release archive, which contains twistlock.sh
$ chmod +x twistlock.sh
$ sudo ./twistlock.sh -s onebox
```
Where:

- `-s`: Agree to the EULA.
- `onebox`: Install all Twistlock components onto a single server.

Verify that Twistlock has been properly installed:

```shell
$ sudo docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}"
```
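The `docker ps` check above is done by eye. As an added example (not from the wiki or from Twistlock), the script below turns it into a pass/fail test that a provisioning job can run: it succeeds only when every expected container is on a row whose STATUS starts with `Up`. The container names `twistlock_console` and the prefix `twistlock_defender_` are assumptions; adjust them to what your host actually shows. The sample `docker ps` output is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the wiki: automate the "is Twistlock up?" check.
# Container names below are assumptions; names are matched as prefixes.

# check_twistlock_running PS_OUTPUT NAME...
# PS_OUTPUT is the text of:
#   docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}"
# Succeeds only if every NAME appears on a row whose STATUS column starts with
# "Up". Rows for exited or restarting containers do not count.
check_twistlock_running() {
    ps_output=$1
    shift
    missing=0
    for name in "$@"; do
        if ! printf '%s\n' "$ps_output" \
             | grep -E "^[0-9a-f]+[[:space:]]+Up[[:space:]].*[[:space:]]${name}" >/dev/null; then
            echo "not running: ${name}" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample output; the third row shows a container that has stopped.
# On the real host use instead:
#   SAMPLE_PS=$(sudo docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}")
SAMPLE_PS='CONTAINER ID   STATUS                     NAMES
0123456789ab   Up 5 minutes               twistlock_console
abcdef012345   Up 5 minutes               twistlock_defender_example
fedcba987654   Exited (1) 2 minutes ago   twistlock_scanner_example'

if check_twistlock_running "$SAMPLE_PS" twistlock_console twistlock_defender_; then
    echo "Twistlock console and defender are up"
fi
```

A non-zero exit from `check_twistlock_running` is what lets a provisioning pipeline stop before it registers the host as a working scanner.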
## Vulnerability scanning for CI pipeline

After Jenkins builds a container image, the Twistlock plugin scans it for vulnerabilities.

- An engineer commits a change for a container under development. The commit triggers a build.
- Jenkins builds the container image.
- As part of the build process, Jenkins calls the Twistlock plugin. The plugin collects data about the packages and binaries included in the image and sends them to Console for analysis.
- Console returns a list of vulnerabilities to the plugin, which passes them to Jenkins.
- Twistlock passes or fails the build. The results of the scan are aggregated into a report, and presented in the Jenkins portal.
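The last step is the one that matters for the pipeline: a vulnerability list comes back and something has to decide whether the build passes or fails. As an added example (not from the wiki or from Twistlock, and not the plugin's real report format), the script below shows that gating logic: a severity threshold, an option to let findings with no vendor fix through without blocking, and a fail-closed rule for severities it does not recognise. The report layout, its field names, the image name and the finding identifiers are all constructed for this example.

```python
"""Added example (not from the wiki or from Twistlock): the build-gating step
of the pipeline described above, deciding from a returned vulnerability list
whether the build passes or fails. The report layout and field names below
are constructed for this example; the real plugin's report format differs."""
import json
import sys
from collections import Counter

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed sample of what a scanner might return for one image.
# Identifiers and package names are made up; they are not real findings.
SAMPLE_REPORT = json.loads("""
{
  "image": "registry.example.internal/payments-api:1.4.2",
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "package": "libexample-ssl", "severity": "critical", "fix_available": true},
    {"id": "EXAMPLE-0002", "package": "libexample-c",   "severity": "high",     "fix_available": false},
    {"id": "EXAMPLE-0003", "package": "example-http",   "severity": "high",     "fix_available": true},
    {"id": "EXAMPLE-0004", "package": "example-shell",  "severity": "medium",   "fix_available": true},
    {"id": "EXAMPLE-0005", "package": "libexample-z",   "severity": "low",      "fix_available": false}
  ]
}
""")


def severity_rank(severity):
    """Rank a severity string; anything unrecognised ranks above critical so a
    malformed or unexpected report fails closed instead of silently passing."""
    try:
        return SEVERITY_ORDER.index(severity.lower())
    except ValueError:
        return len(SEVERITY_ORDER)


def evaluate_scan(report, fail_on="high", ignore_unfixed=False):
    """Return (passed, counts, blocking) for one scan report.

    fail_on:        lowest severity that blocks the build ("high" blocks high and critical).
    ignore_unfixed: when True, findings with no vendor fix are still counted and
                    reported but do not block, so the gate only fails on issues
                    the team can act on now.
    """
    if fail_on not in SEVERITY_ORDER:
        raise ValueError(f"fail_on must be one of {SEVERITY_ORDER}, got {fail_on!r}")
    threshold = severity_rank(fail_on)
    findings = report.get("vulnerabilities", [])
    counts = Counter(v["severity"] for v in findings)
    blocking = [
        v for v in findings
        if severity_rank(v["severity"]) >= threshold
        and not (ignore_unfixed and not v.get("fix_available", True))
    ]
    return len(blocking) == 0, dict(counts), blocking


def format_summary(report, passed, counts, blocking):
    """Lines of the kind a CI log or a Jenkins report page would show."""
    lines = [f"image: {report['image']}"]
    lines.append("findings: " + ", ".join(
        f"{sev}={counts.get(sev, 0)}" for sev in reversed(SEVERITY_ORDER)))
    for v in blocking:
        fix = "fix available" if v.get("fix_available") else "no fix yet"
        lines.append(f"  BLOCKING {v['severity']:<8} {v['id']} in {v['package']} ({fix})")
    lines.append("result: PASS" if passed else "result: FAIL")
    return lines


if __name__ == "__main__":
    passed, counts, blocking = evaluate_scan(SAMPLE_REPORT, fail_on="high")
    print("\n".join(format_summary(SAMPLE_REPORT, passed, counts, blocking)))
    sys.exit(0 if passed else 1)  # a non-zero exit is what makes the CI job fail
```

With the sample report the gate fails on three findings at `fail_on="high"`; with `ignore_unfixed=True` the unfixed high drops out of the blocking list but still shows in the counts, which is the behaviour you want when the report is also the team's remediation backlog.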
### Twistlock Technology Overview