Overview
Twigs supports discovery of container images from Google Container Registry (GCR) and Google Artifact Registry.
Pre-requisites
Google Cloud SDK is required, please install it by following instructions mentioned here for your Operating System. The SDK provides tools (like gcloud) which are used. You can inventory all images in your GCR repository by specifying repository URL or single image by specifying fully qualified image name (with tag / digest).
Steps
You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the below mentioned steps:
- Open a new shell / terminal
- Check that twigs is installed and running properly by running below command:
twigs gcr -h
- Sign in into your Google Cloud Platform instance using gcloud CLI as described here on the box where you will be running twigs.
- Perform “docker login” as it is required to pull container images from GCR for assessment.
- You can run the command mentioned below:
twigs gcr (--location LOCATION | --repository REPOSITORY | --image IMAGE) [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]
- For information on vulnerabilities supported by twigs plugins, refer here.
- After discovery is complete, you can login into ThreatWorx Console to view the newly discovered assets.
Examples
$ twigs gcr --location us-west1 --check_all_vulns
Discover your container images across all container repositories in the specified location as assets in ThreatWorx.
$ twigs gcr --repository "us-central1-docker.pkg.dev/my-prod-3009768/my-container-repo"
--check_all_vulns
Discover your container images in the specified repository.
$ twigs gcr --image gcr.io/google-containers/zeppelin:v0.5.6_v1
Discover the specified container image as an asset in ThreatWorx.