Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


How to Run Prisma Cloud TwistCLI tool in CI pipeline

I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Sep 26, 2023


I am trying to add the prisma twistcli tool in bitbucket pipeline.

I am getting the following error when my twistcli command is executed:

Get "http://unix.sock/version": dial unix /var/run/docker.sock: connect: no such file or directory

 this is my command looks like:

./twistcli images scan --address <prisma_console_url> --user <access-key> --password <secret> <Image name>

I searched about this error and it is related to the docker.sock file which twistcli need in order to run the scan. 

hence I tried with adding the following line in my script:

docker run -v /var/run/docker.sock:/var/run/docker.sock <image-name>

but when I use this the pipeline is stuck at :

[notice] 1#1: start worker process 36

I also wanted to know that when I am running the same command with --containerized  option it is running successfully but the image which I want to scan is not scanned by the twistcli. So what is actually the use of --containerized  option and in this case which image is scanned by twistcli


Kindly please help if someone is already implemented this solution

1 answer

1 vote
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Sep 27, 2023

Hi Anubhav and welcome to the community!

The reason for the first error you mentioned is that the Pipelines environment does not use the default unix domain socket (or IPC socket) created /var/run/docker.sock to communicate with the docker daemon, but instead uses the tcp socket at tcp://

You could fix this error by using the --docker-address option as follows:

./twistcli images scan --address <prisma_console_url> --user <access-key> --password <secret> --docker-address tcp://localhost:2375 <Image name>

However, if you run this command in Pipelines build on Atlassian infrastructure, you may come across another error:

authorization denied by plugin pipelines: --security-opt is not allowed

I've seen this reported by other users because twistcli seems to need the docker option --security-opt, which is restricted in Pipelines:

If you have a Linux machine where you can run builds, you could use a Linux Docker Runner instead for this step:

And use a custom docker-in-docker image for the runner:

If you have a Linux Docker Runner with a custom dind image, you can use the restricted commands mentioned on the first link I shared (the restrictions won't apply).

If you want to run the build on Atlassian's infrastructure, I've seen other users report they made it work the way described here:

Regarding your question about the --containerized option, I don't know the answer. I would suggest reaching out to a forum specific to Prisma Cloud or to the product's support team for more info.

Kind regards,

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events