Twigs supports discovery of container images from Google Container Registry (GCR).
Google Cloud SDK is required, please install it by following instructions mentioned here for your Operating System. The SDK provides tools (like gcloud) which are used. You can inventory all images in your GCR repository by specifying repository URL or single image by specifying fully qualified image name (with tag / digest).
You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the below mentioned steps:
- Open a new shell / terminal
- Check that twigs is installed and running properly by running below command:
twigs gcr -h
- Sign in into your Google Cloud Platform instance using gcloud CLI as described here on the box where you will be running twigs.
- You can run the command mentioned below:
twigs gcr [--repository REPOSITORY] [--image IMAGE] [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]
- For information on vulnerabilities supported by twigs plugins, refer here.
- After discovery is complete, you can login into ThreatWorx Console to view the newly discovered assets.