Twistlock - Manual Upload of Container SCA

Suggested reading: ZN’s Supported Execution Modes, Twistlock - ZN’s Supported Executions Modes & Supported Versions of Tool.

If you already have scan results from your Prisma Cloud Compute (formerly Twistlock) platform, you can easily upload them to the ZeroNorth platform so that they are shown alongside the other results you already have in ZeroNorth.

Overview

The process for manually uploading Prisma Cloud Compute scan results is as follows:

  1. You have the JSON output file from the Prisma Cloud Compute SCA scan of your container image.
  2. You activate the “Twistlock” Scenario in znADM > Scenarios.
  3. You add an appropriate Integration and a Target.
  4. You add a Receiver Policy. A receiver policy is like any ZeroNorth policy, but specialized for receiving file uploads.
  5. You use the Receiver Policy to upload your scan JSON file.

The above steps are explained in more detail below.

Activate the Twistlock Scenario

View our KB Twistlock - Activate Scenario article.

Add an Integration of Type Docker

View our KB Docker - Add Integration article.

  • For the username and password, you can enter dummy values, since this is a Manual Upload.

Add a Docker Type Target

Next, create a Target to represent the container image that the scan targeted. Create a Target of Type Docker, using the Integration from the above step or another similar Integration:

  • Go to znOPS > Targets.
  • Click +Add Target.
  • Enter a Name for the Target (see our Target Name Recommendations).
  • Set Filter Integrations by Type to “Docker”.
  • Select the Integration, e.g. the one from the above step.

Add a Receiver Policy

Suggested reading: Create a Policy

A Receiver Policy is identical to any other Scan Policy, except that it has Initiate Scan From set to “Manual Issue Upload”. Additionally, Targets can be based on Integrations that are empty shells (e.g., a Docker Integration does not need to authenticate to Docker Hub, so you can just provide dummy values for the credentials fields), and the same applies to Scenarios.

  1. Go to znOPS > Policies.
  2. Click +Add Policy.
  3. Enter a Name for the Policy.
  4. Set Filter Integrations By Type to “Docker”.
  5. Select the Integration you created in the above step (or an appropriate one you already have).
  6. Set Initiate Scan From to “Manual Issue Upload”.
  7. Select the Target you created in the above step (or an appropriate one you already have).
  8. Select the Scenario you created in the above step (or an appropriate one you already have).
  9. If using a Scenario that offers a choice between “Orchestrated Scan” and “Data Load”, select “Orchestrated Scan”.
  10. Click Save.

The Receiver Policy is now ready.

Uploading the Scan Output File

To upload your Twistlock scan output file using the Receiver Policy you just created:

  1. Go to znOPS > Policies.
  2. Locate your new Receiver Policy.
  3. Click on to far right of the Policy, and then select Upload File.
  4. In the modal pop-up window, click Choose File.
  5. Select the file from your local computer.
  6. Click Run.

The upload takes seconds to minutes, depending on the size of the file and your network speed. After the upload completes, ZeroNorth performs post-processing, which may take an additional few seconds to minutes.

The results of the uploaded Twistlock scan can be viewed in one of two ways:

  1. znOPS > Policies - select your Receiver Policy and then select "View Scan Issues".
  2. znHUB > Target Dashboard - select your Target from the list on the left.

Uploading a Scan Output File in Batch

To facilitate automation of uploads in batch mode, use one of the scripts provided in the related article Manual Upload of Scan Results.