Azure ACR discovery


Twigs supports discovery of container images from Azure Container Registry (ACR).


Azure CLI is required, please install it by following the steps mentioned here for your Operating System. Note you need to login using az CLI and login into your ACR using “docker login” as well.

You can inventory all images in your ACR by specifying registry name or single image by specifying fully qualified image name (with tag).


You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the below mentioned steps:

  • Open a new shell / terminal
  • Check that twigs is installed and running properly by running below command:

twigs acr -h

  • Sign in into Azure account using az CLI.
  • Perform “docker login” as described here.
  • You can run the command mentioned below:

twigs acr [--registry REGISTRY] [--image IMAGE] [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]

  • For information on vulnerabilities supported by twigs plugins, refer here.
  • After discovery is complete, you can login into ThreatWorx Console to view the newly discovered assets.