I am trying to add the Prisma twistcli tool to a Bitbucket pipeline.
I am getting the following error when my twistcli command is executed:
Get "http://unix.sock/version": dial unix /var/run/docker.sock: connect: no such file or directory
This is what my command looks like:
./twistcli images scan --address <prisma_console_url> --user <access-key> --password <secret> <Image name>
I searched for this error and it is related to the docker.sock file, which twistcli needs in order to run the scan.
Hence I tried adding the following line to my script:
docker run -v /var/run/docker.sock:/var/run/docker.sock <image-name>
But when I use this, the pipeline is stuck at:
[notice] 1#1: start worker process 36
I also wanted to know: when I run the same command with the --containerized option, it runs successfully, but the image which I want to scan is not scanned by twistcli. So what is actually the use of the --containerized option, and in this case which image is scanned by twistcli?
Kindly help if someone has already implemented this solution.
Hi Anubhav and welcome to the community!
The reason for the first error you mentioned is that the Pipelines environment does not use the default unix domain socket (or IPC socket) created at /var/run/docker.sock to communicate with the Docker daemon, but instead uses the TCP socket at tcp://127.0.0.1:2375.
You could fix this error by using the --docker-address option as follows:
./twistcli images scan --address <prisma_console_url> --user <access-key> --password <secret> --docker-address tcp://localhost:2375 <Image name>
However, if you run this command in a Pipelines build on Atlassian infrastructure, you may come across another error:
authorization denied by plugin pipelines: --security-opt is not allowed
I've seen this reported by other users because twistcli seems to need the docker option --security-opt, which is restricted in Pipelines:
If you have a Linux machine where you can run builds, you could use a Linux Docker Runner instead for this step:
And use a custom docker-in-docker image for the runner:
If you have a Linux Docker Runner with a custom dind image, you can use the restricted commands mentioned on the first link I shared (the restrictions won't apply).
If you want to run the build on Atlassian's infrastructure, I've seen other users report they made it work the way described here:
Regarding your question about the --containerized option, I don't know the answer. I would suggest reaching out to a forum specific to Prisma Cloud or to the product's support team for more info.
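As an added example (not part of the original posts, and not Atlassian's or Prisma Cloud's own code), these shell functions apply the fix from the answer without hard-coding it: --docker-address is passed only when the default unix socket is missing or DOCKER_HOST is set. The variable names PRISMA_CONSOLE_URL, PRISMA_ACCESS_KEY, PRISMA_SECRET and TWISTCLI are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example: pick the Docker endpoint for twistcli instead of assuming
# that /var/run/docker.sock exists in the build environment.

# Decide which Docker endpoint twistcli should talk to.
#   $1: unix socket path to probe (default /var/run/docker.sock)
# Prints an address when one must be passed explicitly; prints nothing when
# the default unix socket is present.
resolve_docker_address() {
  sock="${1:-/var/run/docker.sock}"
  if [ -n "${DOCKER_HOST:-}" ]; then
    # An explicit daemon address in the environment wins.
    printf '%s\n' "$DOCKER_HOST"
  elif [ -S "$sock" ]; then
    # Default socket exists: twistcli needs no --docker-address.
    :
  else
    # No socket (the "no such file or directory" case): fall back to the
    # TCP endpoint given in the answer.
    printf '%s\n' 'tcp://localhost:2375'
  fi
}

# Run the image scan with the flags shown on this page.
#   $1: image name   $2: optional socket path to probe
# Credentials are read from variables (hypothetical names) so that no
# literal secret is written into the pipeline script.
scan_image() {
  image="${1:?image name required}"
  : "${PRISMA_CONSOLE_URL:?}" "${PRISMA_ACCESS_KEY:?}" "${PRISMA_SECRET:?}"
  addr="$(resolve_docker_address "${2:-}")"
  set -- images scan --address "$PRISMA_CONSOLE_URL" \
    --user "$PRISMA_ACCESS_KEY" --password "$PRISMA_SECRET"
  if [ -n "$addr" ]; then
    set -- "$@" --docker-address "$addr"
  fi
  # TWISTCLI (hypothetical) lets the binary path be overridden.
  "${TWISTCLI:-./twistcli}" "$@" "$image"
}

# Usage in a build step:  scan_image "my-image:tag"
```

This only resolves the socket error; the --security-opt restriction described in the answer still applies on Atlassian infrastructure.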