Exam PCCSE
Question 205

Given the following information, which twistcli command should be run if an administrator were to exec into a running container and scan it from within using an access token for authentication?

• Console is located at https://prisma-console.mydomain.local

• Token is: TOKEN_VALUE

• Report ID is: REPORT_ID

• Container image running is: myimage:latest

    Correct Answer: A

    The correct twistcli command to scan a running container from within using an access token for authentication includes specifying the console address, token, containerized scanning, and the image as the last parameter. The command 'twistcli images scan --address https://prisma-console.mydomain.local --token TOKEN_VALUE --containerized --details myimage:latest' meets these criteria.

Discussion
Jihe, Option: A

A. Syntax: When using 'twistcli images scan', the IMAGE or TARBALL to scan MUST be the LAST PARAMETER. If you specify options after the image or tarball, they are ignored.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images

Spippolo, Option: C

C

    $ docker run \
        -v /PATH/TO/TWISTCLI_DIR:/tools \
        -e TW_TOKEN=<API_TOKEN> \
        -e TW_CONSOLE=<COMPUTE_CONSOLE> \
        --entrypoint="" \
        <IMAGE_NAME> \
        /tools/twistcli images scan \
        --containerized \
        --details \
        --address $TW_CONSOLE \
        --token $TW_TOKEN \
        <REPORT_ID>

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images

nedeb514, Option: C

The response from Jihe would be correct if this wasn't being run from within the container. In the question, we are running from inside the container, and therefore there is no need to specify an image/tarball. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_image Further down in the documentation linked by Jihe, there is a section that shows the proper syntax when running twistcli from within a container. The example there is almost a perfect copy of this question. Spippolo has the correct response.