Twistlock is the cloud native cybersecurity platform for modern applications. From precise, actionable vulnerability management to automatically-deployed runtime protection and firewalls, Twistlock protects applications across the development lifecycle and into production. Purpose-built for containers, serverless, and other leading technologies — Twistlock gives developers the speed they want, and CISOs the controls they need.
Plugin Version 1.0.1.2020102201 Revised on April 12, 2019
Document convention
All required parameters in all procedures (including Configuration Procedure) are marked in bold italics.
Plugin configurations
Plugin configurations are sets of parameters that apply across some or all of the plugin procedures. They reduce repetition of common values, create predefined parameter sets for end users, and securely store credentials where needed. Each configuration is given a unique name that is entered in designated parameters on procedures that use them.
Creating plugin configurations
To create plugin configurations in ElectricFlow, do these steps:
- Go to … to open the Plugin Manager.
- Find the EC-Twistlock row.
- Click Configure to open the EC-Twistlock Configurations page.
- Click Create Configuration.
- To enable the CloudBees CD server to communicate with the API, enter the following information:
The EC-Twistlock Configurations page now shows the new configuration.
Editing plugin configurations
To edit plugin configurations in ElectricFlow, do these steps:
- Go to … to open the Plugin Manager.
- Find the EC-Twistlock row.
- Click Configure to open the Configurations page. Find the configuration that you want to edit.
- Click Edit. Edit the parameters in the configuration.
- Click OK to save the modified configuration.
Plugin procedures
RunImageScan
This procedure scans an image by invoking the Twistlock CLI with various options specified by the user.
| Parameter | Description |
|---|---|
| Configuration Name | The name of the configuration that contains the information needed to connect to the Twistlock server. (Required) |
| Image | The exact name of the image to scan, for example ubuntu:latest. If the scan runs in a Linux environment, you can use a wildcard suffix to scan more than one image; for example, ubuntu* scans all images whose names begin with ubuntu. |
| Only fail builds when a vendor fix is available | If checked, the scan fails only if the scanned image has a vulnerability for which the vendor provides a fix. |
| Vulnerability Threshold | Fail the scan if its vulnerabilities exceed this severity threshold. |
| Compliance Threshold | Fail the scan if its compliance findings exceed this severity threshold. |
| Grace period (in days) | Grace period, in days. |
| Docker address | Docker socket address (e.g., unix:///var/run/docker.sock or http://hostname:port). (Required) |
| CA certificate | Full path to the Docker Certificate Authority (CA) certificate (PEM format). Required only if you use TLS as the security protocol; leave blank when using a unix socket. |
| Client certificate | Full path to the Docker client certificate signed by the CA (PEM format). Required only if you use TLS as the security protocol; leave blank when using a unix socket. |
| Client key | Full path to the Docker client key (PEM format). Required only if you use TLS as the security protocol; leave blank when using a unix socket. |
| Output Parameter (ElectricFlow 8.3+) | Description |
|---|---|
| twistlockImageScanReportUrl | Twistlock image scan text report URL (relative to the commander base path) |
| twistlockImageScanResultJson | Twistlock image scan JSON-formatted report URL (relative to the commander base path) |
| VulerabilityCountLow | Low severity vulnerability count |
| VulerabilityCountMedium | Medium severity vulnerability count |
| VulerabilityCountHigh | High severity vulnerability count |
| VulerabilityCountCritical | Critical severity vulnerability count |
| VulerabilityCountTotal | Total vulnerability count |
| ComplianceCountLow | Low severity compliance count |
| ComplianceCountMedium | Medium severity compliance count |
| ComplianceCountHigh | High severity compliance count |
| ComplianceCountCritical | Critical severity compliance count |
| ComplianceCountTotal | Total compliance count |
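As an added illustration, not the EC-Twistlock plugin's own code, of how the threshold, vendor-fix and grace-period parameters above combine with the per-severity count outputs: the scan JSON shape, the severity ordering and the exact gating rules are assumptions constructed for the example, since the page does not spell them out.

```python
from datetime import date

SEVERITIES = ("low", "medium", "high", "critical")  # assumed ordering, low to critical
# Constructed sample scan (not real findings); the field names are an assumption.
SAMPLE_SCAN = {
    "vulnerabilities": [
        {"id": "VULN-EXAMPLE-1", "severity": "critical", "fix_available": False, "fix_date": None},
        {"id": "VULN-EXAMPLE-2", "severity": "high", "fix_available": True, "fix_date": "2019-04-10"},
        {"id": "VULN-EXAMPLE-3", "severity": "high", "fix_available": True, "fix_date": "2019-01-15"},
        {"id": "VULN-EXAMPLE-4", "severity": "low", "fix_available": True, "fix_date": "2018-12-01"},
    ],
    "compliance": [
        {"id": "COMP-EXAMPLE-1", "severity": "medium"},
        {"id": "COMP-EXAMPLE-2", "severity": "high"},
    ],
}


def count_by_severity(findings):
    """Per-severity and total counts, like the *CountLow ... *CountTotal outputs."""
    counts = {s: 0 for s in SEVERITIES}
    for f in findings:
        counts[f["severity"]] += 1
    counts["total"] = len(findings)
    return counts


def gate(scan, vuln_threshold, compliance_threshold,
         vendor_fix_only=False, grace_days=0, today=None):
    """Return (passed, reasons) for a scan against the procedure's thresholds.
    Assumed rules (not stated on the page): a finding at or above the threshold
    severity trips the gate; with vendor_fix_only, findings without a vendor fix
    are ignored; a vulnerability whose fix is younger than grace_days is not enforced.
    """
    today = date.fromisoformat(today) if today else date.today()
    reasons = []
    for v in scan["vulnerabilities"]:
        if SEVERITIES.index(v["severity"]) < SEVERITIES.index(vuln_threshold):
            continue
        if vendor_fix_only and not v["fix_available"]:
            continue
        if grace_days and v.get("fix_date"):
            fix_age = (today - date.fromisoformat(v["fix_date"])).days
            if fix_age < grace_days:
                continue
        reasons.append(f"vulnerability {v['id']} ({v['severity']})")
    for c in scan["compliance"]:
        if SEVERITIES.index(c["severity"]) >= SEVERITIES.index(compliance_threshold):
            reasons.append(f"compliance {c['id']} ({c['severity']})")
    return not reasons, reasons
```

Note that with the vendor-fix-only option an unfixed critical finding passes the gate silently, so the count outputs, not the pass/fail result alone, are what a reviewer should track.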
CreateTwistlockPolicyReport
This procedure generates a Twistlock policy report containing both the vulnerability and the compliance policies applied to a specific image.
| Parameter | Description |
|---|---|
| Configuration Name | The name of the configuration that contains the information needed to connect to the Twistlock server. (Required) |
| Image | The exact name of the image for which the policy report is created, for example ubuntu:latest. You can also use a wildcard suffix to create a policy report for more than one image; for example, ubuntu* creates a policy report for all images whose names begin with ubuntu. |
| Result Property | Property in which to store the results. By default, /myJob/TwistlockPolicyReport. See the Result Format documentation. |
| Result Format | Format in which to store the results, JSON or property sheet. Retrieved issues are saved under the result property. See the Result Format documentation. |
| Create Summary Link? | If checked, a report is generated and attached to the job/pipeline summary. Checked by default. |