Docker image discovery

Overview

twigs can discover Docker container images as assets in ThreatWorx. Discovery also picks up source code assets from your Docker container. For more details on source code assets, refer to Source Code Asset discovery in twigs.

Pre-requisites

Docker CLI and service are required for discovering docker images. For more details on installing docker CLI and service for your operating system, refer to this link.

Steps

You can follow the steps below to discover your docker container images/instances as assets in ThreatWorx:

  • Open a new shell / terminal
  • Check that twigs is installed and running properly by running the command below:

twigs docker -h

  • Run the command below to discover an image:

twigs docker --image IMAGE [--assetid ASSETID] [--assetname ASSETNAME] [--tmp_dir TMP_DIR] [--start_instance] [--check_vuln CHECK_VULN] [--check_all_vulns]

where IMAGE has the format repo:tag. If the tag is not specified, "latest" is assumed.

  • For information on vulnerabilities supported by twigs plugins, refer here.
  • After discovery is complete, you can log in to the ThreatWorx console to view the newly discovered asset.
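
The steps above cover one image at a time. The following wrapper is an added example, not part of twigs or the original page: it runs the same command over several images and makes the tag explicit first, so the scanned version is recorded in the asset rather than left to the "latest" default. The function names and the asset id naming scheme are assumptions; only the --image, --assetid and --assetname flags from the usage line above are used.

```shell
#!/bin/sh
# Added example: batch wrapper around `twigs docker --image`.

# Make the tag explicit. A ':' is a tag separator only when it appears in the
# last path component, so a registry port (localhost:5000/app) is not a tag.
normalize_image() {
    ref=$1
    last=${ref##*/}
    case $last in
        *:*) printf '%s\n' "$ref" ;;
        *)   printf '%s:latest\n' "$ref" ;;
    esac
}

# Derive an asset id from the image reference by replacing '/' and ':'.
# This naming scheme is an assumption made for the example.
asset_id_for() {
    printf '%s\n' "$1" | sed 's|[/:]|-|g'
}

# Run discovery for every image given; keep going after a failure and
# report it through the exit status so a scheduled job can alert on it.
discover_images() {
    rc=0
    for ref in "$@"; do
        img=$(normalize_image "$ref")
        id=$(asset_id_for "$img")
        echo "discovering $img as asset $id" >&2
        if ! twigs docker --image "$img" --assetid "$id" --assetname "$img"; then
            echo "discovery failed for $img" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: sh discover.sh nginx localhost:5000/team/app:2.0
if [ "$#" -gt 0 ]; then
    discover_images "$@"
fi
```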