Task to scan container images or serverless functions using twistcli during Azure DevOps Build & Release pipelines
Tasks for scanning container images and serverless functions in pipelines using twistcli
How to use
The extension assumes that the twistcli binary is executable and available on the PATH (e.g. in /usr/bin). You can use a separate task (e.g. Universal Package download) to download it into your Azure DevOps Pipeline.
# Example for Command Line Task after Universal Download
sudo mv $(System.DefaultWorkingDirectory)/twistcli /usr/bin/twistcli
sudo chmod +x /usr/bin/twistcli
We've made twistcli pluggable by design, so there's no need to uninstall and reinstall the Twistlock extension from your organizations, projects or pipelines for each new Twistlock version upgrade. Simply upload the updated twistcli binary to your feed and select that version to be used in your pipeline.
The twistcli version needs to match the Twistlock Console version.
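One way to enforce both points before the scan task runs, as an added example that is not part of the extension: the script refuses to install the downloaded binary unless its SHA-256 matches a digest you pinned when you uploaded it to the feed, and unless its reported version equals your Console version. The function names, the pinned digest and the Console version argument are assumptions supplied by you, as is the expectation that `twistcli --version` prints a dotted version number.

```shell
#!/bin/sh
# Added example: gate the twistcli install on a pinned digest and a version match.
# Assumptions: the pinned SHA-256 and the Console version are supplied by you
# (e.g. as pipeline variables); `twistcli --version` prints a dotted version.

# Print the SHA-256 of a file (sha256sum on Linux agents, shasum on macOS).
sha256_of() (
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
)

# Extract the first dotted version (e.g. 19.11.480) from `<binary> --version`.
twistcli_version() (
  "$1" --version 2>/dev/null | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
)

# check_twistcli <binary> <pinned-sha256> <console-version>
# Exit status: 0 ok, 2 file missing, 3 digest mismatch, 4 version mismatch.
check_twistcli() (
  bin=$1 pinned=$2 console=$3
  [ -f "$bin" ] || { echo "missing: $bin" >&2; exit 2; }
  actual=$(sha256_of "$bin")
  if [ "$actual" != "$pinned" ]; then
    echo "digest mismatch: got $actual" >&2; exit 3
  fi
  chmod +x "$bin"   # make it executable only after the digest check passed
  ver=$(twistcli_version "$bin")
  if [ "$ver" != "$console" ]; then
    echo "version mismatch: twistcli=$ver console=$console" >&2; exit 4
  fi
  echo "twistcli $ver verified"
)

# Run as: sh check_twistcli.sh <binary> <pinned-sha256> <console-version>
# The binary is moved onto the PATH only when both checks succeed.
if [ "$#" -eq 3 ]; then
  check_twistcli "$@" && sudo install -m 0755 "$1" /usr/bin/twistcli
fi
```

A non-zero exit fails the Command Line task, so the scan task never runs with an unverified or mismatched binary.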
Twistlock twistcli scan: scans a Docker container image or serverless function bundle zip file, displays the results locally, and sends them to the Twistlock Console.
Twistlock embed RASP: updates a Dockerfile so that the RASP defender is embedded in the container image as it's built.