How to Run Prisma Cloud TwistCLI tool in CI pipeline

anubhav_sharma
September 26, 2023

Hi, 

I am trying to add the Prisma twistcli tool to a Bitbucket pipeline.

I am getting the following error when my twistcli command is executed:

Get "http://unix.sock/version": dial unix /var/run/docker.sock: connect: no such file or directory

This is what my command looks like:

./twistcli images scan --address <prisma_console_url> --user <access-key> --password <secret> <Image name>

I searched for this error and it is related to the docker.sock file, which twistcli needs in order to run the scan.

Hence I tried adding the following line to my script:

docker run -v /var/run/docker.sock:/var/run/docker.sock <image-name>

But when I use this, the pipeline is stuck at:

[notice] 1#1: start worker process 36

I also wanted to know: when I run the same command with the --containerized option, it runs successfully, but the image which I want to scan is not scanned by twistcli. So what is actually the use of the --containerized option, and in this case which image is scanned by twistcli?

Kindly help if someone has already implemented this solution.

Answer accepted
Theodora Boudale
Atlassian Team
September 27, 2023

Hi Anubhav and welcome to the community!

The reason for the first error you mentioned is that the Pipelines environment does not use the default unix domain socket (or IPC socket) created at /var/run/docker.sock to communicate with the docker daemon, but instead uses the tcp socket at tcp://127.0.0.1:2375.

You could fix this error by using the --docker-address option as follows:

./twistcli images scan --address <prisma_console_url> --user <access-key> --password <secret> --docker-address tcp://localhost:2375 <Image name>

However, if you run this command in a Pipelines build on Atlassian infrastructure, you may come across another error:

authorization denied by plugin pipelines: --security-opt is not allowed

I've seen this reported by other users because twistcli seems to need the docker option --security-opt, which is restricted in Pipelines:


If you have a Linux machine where you can run builds, you could use a Linux Docker Runner instead for this step:

And use a custom docker-in-docker image for the runner:

If you have a Linux Docker Runner with a custom dind image, you can use the restricted commands mentioned on the first link I shared (the restrictions won't apply).


If you want to run the build on Atlassian's infrastructure, I've seen other users report they made it work the way described here:

Regarding your question about the --containerized option, I don't know the answer. I would suggest reaching out to a forum specific to Prisma Cloud or to the product's support team for more info.

Kind regards,
Theodora
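
As an added example (not part of the thread above, and not Atlassian's or Prisma Cloud's own code): a wrapper script that picks the value for --docker-address in the way the answer describes and stops early when a credential is missing. The variable names PRISMA_CONSOLE_URL, PRISMA_ACCESS_KEY, PRISMA_SECRET and TWISTCLI are assumptions; the twistcli options are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. PRISMA_CONSOLE_URL, PRISMA_ACCESS_KEY, PRISMA_SECRET and
# TWISTCLI are hypothetical variable names; define the first three as secured
# pipeline variables so no credential is written into the pipeline file.

# Print the Docker endpoint to pass to --docker-address.
# Order: a DOCKER_HOST with a unix:// or tcp:// scheme, then a local unix
# socket if one exists, then the TCP endpoint used inside Pipelines.
resolve_docker_address() {
    sock="${1:-/var/run/docker.sock}"
    case "${DOCKER_HOST:-}" in
        unix://*|tcp://*) printf '%s\n' "$DOCKER_HOST"; return 0 ;;
    esac
    if [ -S "$sock" ]; then
        printf 'unix://%s\n' "$sock"
    else
        printf 'tcp://localhost:2375\n'
    fi
}

# Run the image scan; returns 2 when a required value is missing so the
# build fails with a clear message instead of a connection error.
scan_image() {
    image="${1:-}"
    for v in PRISMA_CONSOLE_URL PRISMA_ACCESS_KEY PRISMA_SECRET; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing variable: $v" >&2; return 2; }
    done
    [ -n "$image" ] || { echo "usage: scan_image <image>" >&2; return 2; }
    "${TWISTCLI:-./twistcli}" images scan \
        --address "$PRISMA_CONSOLE_URL" \
        --user "$PRISMA_ACCESS_KEY" \
        --password "$PRISMA_SECRET" \
        --docker-address "$(resolve_docker_address)" \
        "$image"
}

# Scan the image named on the command line, if any.
if [ "$#" -gt 0 ]; then
    scan_image "$1"
fi
```

Setting TWISTCLI=echo prints the assembled command without contacting the console, which is a quick way to check the chosen Docker address in a build log.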
