twigs supports discovery of your container images available as part of any your cloud container registries.
Amazon Elastic Container Registry (ECR)
Azure Container Registry (ACR)
Google Container Registry (GCR)
Amazon Elastic Container Registry (ECR)
Overview
Twigs supports discovery of container images from AWS Container Registry (ECR).
Pre-requisites
AWS CLI is required, please install it by following the steps mentioned here for your Operating System. Note you need to configure using AWS CLI and login into your ECR using “docker login” as well.
You can inventory all images in your ECR by specifying registry name or single image by specifying fully qualified image name (with optional tag).
Steps
You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the below mentioned steps:
Open a new shell / terminal
Check that twigs is installed and running properly by running below command:
twigs ecr -h
Configure AWS CLI for the first time.
Perform “docker login” as described here.
You can run the command mentioned below:
twigs ecr [--registry REGISTRY] [--image IMAGE]
[--repository_type {public,private}] [--tmp_dir TMP_DIR]
[--check_vuln CHECK_VULN] [--check_all_vulns]
For information on vulnerabilities supported by twigs plugins, refer here.
After discovery is complete, you can login into ThreatWorx Console to view the newly discovered assets.
Azure Container Registry (ACR)
Overview
Twigs supports discovery of container images from Azure Container Registry (ACR).
Pre-requisites
Azure CLI is required, please install it by following the steps mentioned here for your Operating System. Note you need to login using az CLI and login into your ACR using “docker login” as well.
You can inventory all images in your ACR by specifying registry name or single image by specifying fully qualified image name (with tag).
Steps
You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the below mentioned steps:
Open a new shell / terminal
Check that twigs is installed and running properly by running below command:
twigs acr -h
Sign in into Azure account using az CLI.
Perform “docker login” as described here.
You can run the command mentioned below:
twigs acr [--registry REGISTRY] [--image IMAGE] [--tmp_dir TMP_DIR]
[--check_vuln CHECK_VULN] [--check_all_vulns]
For information on vulnerabilities supported by twigs plugins, refer here.
After discovery is complete, you can login into ThreatWorx Console to view the newly discovered assets.
Google Container Registry (GCR)
Overview
Twigs supports discovery of container images from Google Container Registry (GCR).
Pre-requisites
Google Cloud SDK is required, please install it by following instructions mentioned here for your Operating System. The SDK provides tools (like gcloud) which are used. You can inventory all images in your GCR repository by specifying repository URL or single image by specifying fully qualified image name (with tag / digest).
Steps
You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the below mentioned steps:
Open a new shell / terminal
Check that twigs is installed and running properly by running below command:
twigs gcr -h
Sign in into your Google Cloud Platform instance using gcloud CLI as described here on the box where you will be running twigs.
You can run the command mentioned below:
twigs gcr [--repository REPOSITORY] [--image IMAGE] [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]
For information on vulnerabilities supported by twigs plugins, refer here.
After discovery is complete, you can login into ThreatWorx Console to view the newly discovered assets.