OCI OCR discovery

Overview

Twigs supports discovery of container images from Oracle Cloud Infrastructure Registry (aka Oracle Container Registry).

Pre-requisites

Please set up the OCI SDK and CLI on the Twigs box as described here. Twigs uses the default configuration file at “~/.oci/config” and reads the DEFAULT profile from it. You can specify a custom configuration file location and profile name on the twigs command line.

Twigs requires that you run “docker login” so that it can pull container images from Oracle Container Registry. “docker login” requires an “auth token”. To generate the “auth token” and perform “docker login”, follow this documentation.
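A pre-flight check for the OCI configuration prerequisite above, as an added example that is not part of twigs or the original page. It assumes the standard OCI CLI profile keys (user, fingerprint, tenancy, region, key_file); the function names are hypothetical.

```shell
# Added pre-flight check (not part of twigs): validate the OCI CLI profile
# that "twigs ocr" will read. Function names here are hypothetical.

# Print the value of KEY from the [PROFILE] section of an OCI config file.
oci_profile_value() {
    awk -v section="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_section = ($0 == section); next }
        in_section {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Return 0 if the profile looks usable; else print each problem and return 1.
# Defaults match what the page says twigs uses: ~/.oci/config and DEFAULT.
check_oci_profile() {
    local config="${1:-$HOME/.oci/config}" profile="${2:-DEFAULT}" rc=0 key kf
    [ -f "$config" ] || { echo "missing config file: $config"; return 1; }
    grep -qxF "[$profile]" "$config" ||
        { echo "profile [$profile] not found in $config"; return 1; }
    for key in user fingerprint tenancy region key_file; do
        [ -n "$(oci_profile_value "$config" "$profile" "$key")" ] ||
            { echo "profile [$profile] is missing '$key'"; rc=1; }
    done
    # The config names the API signing key; both files should be owner-only.
    kf=$(oci_profile_value "$config" "$profile" key_file)
    case "$kf" in "~/"*) kf="$HOME/${kf#??}" ;; esac
    for key in "$config" "$kf"; do
        [ -n "$key" ] || continue
        if [ ! -f "$key" ]; then echo "file not found: $key"; rc=1; continue; fi
        case "$(file_mode "$key")" in
            600|400) ;;
            *) echo "$key is mode $(file_mode "$key"), expected 600"; rc=1 ;;
        esac
    done
    return $rc
}
```

Call `check_oci_profile` with no arguments to check the defaults, or pass the same file and profile you give to --config_file and --config_profile.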

Steps

You can run twigs to ingest the discovered inventory into your ThreatWorx instance by following the steps below:

  • Open a new shell / terminal
  • Check that twigs is installed and running properly by running the command below:

twigs ocr -h

  • Ensure that you have set up the OCI CLI and performed “docker login” as described in the pre-requisites section
  • Run the command below:

twigs ocr --region REGION [--repository REPOSITORY] [--tmp_dir TMP_DIR] [--config_file CONFIG_FILE] [--config_profile CONFIG_PROFILE] [--check_vuln CHECK_VULN] [--check_all_vulns]

  • To discover a specific “repository”, specify the repository name; otherwise twigs will discover all container images in the specified “region” across repositories
  • You can specify your custom configuration file location (CONFIG_FILE) and profile name (CONFIG_PROFILE) on the twigs command-line.
  • For information on vulnerabilities supported by twigs plugins, refer here.
  • After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered assets.

Example

$ twigs ocr --region us-central1 --check_all_vulns

Discover container images across all repositories in the specified region.

$ twigs ocr --region REGION --repository "my_container_repo" --check_all_vulns

Discover container images for the specified repository.