Codefresh Steps: Reusable Code for Common Operations
This page provides code you can use to perform common operations in the Codefresh CI/CD platform.

Run a Twistlock security scan (twistlock)

Scan a docker image with the Twistlock security service.

arguments

  • CODEFRESH_CLI_KEY - https://g.codefresh.io/account/tokens
  • COMPLIANCE_THRESHOLD - [ low, medium, high ] sets the the minimal severity compliance issue that returns a fail exit code
  • CONSOLE_HOSTNAME - Twistlock hostname/ip
  • CONSOLE_PASSWORD - password
  • CONSOLE_PORT - port
  • CONSOLE_USERNAME - username
  • DETAILS - true|false - prints an itemized list of each vulnerability found by the scanner
  • HASH - hashing algorithm (one of: md5, sha1, sha256)
  • INCLUDE_PACKAGE_FILES - true|false - List all packages in the image.
  • ONLY_FIXED - true|false - reports just the vulnerabilities that have fixes available
  • TLSCACERT - CA cert; if provided, TLS will be used
  • VULNERABILITY_THRESHOLD - [ low, medium, high, critical ] sets the minimal severity vulnerability that returns a fail exit code

TwistlockScanImage:
  type: twistlock
  arguments:
    TEST_IMAGE: '${{TEST_IMAGE}}'
    CODEFRESH_CLI_KEY: '${{CODEFRESH_CLI_KEY}}'
    CONSOLE_HOSTNAME: '${{CONSOLE_HOSTNAME}}'
    CONSOLE_PORT: '${{CONSOLE_PORT}}'
    CONSOLE_USERNAME: '${{CONSOLE_USERNAME}}'
    CONSOLE_PASSWORD: '${{CONSOLE_PASSWORD}}'
    COMPLIANCE_THRESHOLD: '${{COMPLIANCE_THRESHOLD}}'
    VULNERABILITY_THRESHOLD: '${{VULNERABILITY_THRESHOLD}}'

  
github.com
Dustin Van Buskirk
Jul 4, 2021