...
Note: Twistlock (Prismacloud) is a licensed tool and please open an support Jira request as it requires work from our end to add your license to enable the integration.
Registering Twistlock to Tool Registry
Login tohttps://portal.opsera.io -> Tool Registry -> Click “Select +New Tool” ButtonTool.
Enter a name unique Tool Name and select “Twistlock” as Tool Identifier.
Click “Create” button for the tool to be registered.
Navigate to the tool and navigate to Connections tab. Enter connection details - URL, ID and password and select Save.
“Test Connection” to ensure tool connection succeeds and that credentials are valid
Twislock configuration is complete.
Navigate to Pipelines.
Navigate to a pipeline to add Twistlock step as part of container scan.
Click Edit workflow and add new stage to pipeline by clicking + icon in the workflow
Click Save and Exit.
Click Settings (gear icon⚙️) in the pipeline to navigate to Step Configuration. Make the following selections:
Jenkins Tool Selection - Choose Jenkins tool.
Twistlock Tool - Choose Twistlock tool
Docker Build Step - Choose Docker Build tool.
Compliance Threshold - Select a compliance threshold level from the following options: Critical, High, Medium, Low, or Total. Enter a count.
Vulnerability Threshold - Select a vulnerability threshold level from the following options: Critical, High, Medium, Low, or Total. Enter a count
Save Step Configuration and select Start pipeline.
...
13. Navigate to Summary tab to view the Console Output in step run.
14. Click the Console Log to view the step output from Twistlock tool.
...
15. Close the Console Log and navigate to pipeline view to validate other stages in the pipeline.
Note: KPI’s for twistlock is in progress and this page will be updated as and when the KPI’s are updated.
Note: Please follow below links to set up vulnerability rules, Severity based rules, Scope, rule exceptions, etc.
Vulnerability Management: https://docs.twistlock.com/docs/compute_edition_21_04/vulnerability_management/vuln_management_rules.html
Severity Based Rules: https://docs.twistlock.com/docs/compute_edition_21_04/vulnerability_management/vuln_management_rules.html#severity-based-actions
Rule Exceptions: https://docs.twistlock.com/docs/compute_edition_21_04/vulnerability_management/vuln_management_rules.html#rule-exceptions