
running twistcli from a container securely

Open smarlaku820 opened this issue 3 years ago • 1 comments

Is your feature request related to a problem?

We are building containers and the containers need to be scanned for CVEs. We chose Twistlock to do the job. We use GitLab, and the GitLab runners are running as containers on a shared Kubernetes infra where running privileged containers is disallowed.

As mentioned in the sample code here, cicd/gitlab/.gitlab-ci.yml, you need to depend on a dind (Docker-in-Docker) container to run twistcli, as twistcli requires a Docker socket to scan the container image. This is an insecure way of running a container, and in our production environments we are not allowed to run privileged containers. I explored a few solutions but cannot seem to find any alternatives.

Describe the solution you'd like

twistcli must be runnable from a container without the need for the container to be running in privileged mode.

Describe alternatives you've considered

As of now, I have to set up a standalone virtual machine, install Docker on it, configure a gitlab-runner there, and set up a shell executor to execute twistcli remotely on this agent host.

Additional context

Can we help run Twistlock from a container securely? The docker:dind or docker:dood alternatives are not secure.

smarlaku820 Jul 27 '22 13:07
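The issue turns on two properties of the job container that the dind pattern needs and the cluster policy forbids: a privileged security context and a mounted host Docker socket. The following pre-flight guard is an added example, not code from the issue or from the prisma-cloud-compute-sample-code repository, that a CI job can run before invoking any scanner so the pipeline fails loudly instead of silently depending on either property. It assumes a Linux job container, reads CapEff from a /proc/<pid>/status-style file, and treats CAP_SYS_ADMIN (capability bit 21, which privileged containers receive and the default Docker/Kubernetes capability set omits) as the privileged indicator; the socket path and the status file path are parameters so the checks can be exercised on constructed input.

```shell
#!/bin/sh
# Added example: pre-flight guard for a CI job that must not run privileged
# and must not have the host Docker socket mounted. Not part of the sample
# code repository; the capability-bit check is an assumption about how
# privileged containers differ from the default capability set.

# Returns 0 (true) when the given path exists and is a Unix socket,
# i.e. the host Docker socket (or a dind socket) is reachable from the job.
has_docker_socket() {
    [ -S "$1" ]
}

# Returns 0 when the CapEff line of a /proc/<pid>/status-style file has
# CAP_SYS_ADMIN (bit 21) set. A privileged container gets the full
# capability set, which includes it; the default set does not.
has_cap_sys_admin() {
    caps=$(awk '/^CapEff:/ {print $2}' "$1")
    [ -n "$caps" ] || return 1
    [ $(( 0x$caps & (1 << 21) )) -ne 0 ]
}

# Combined guard. Prints each finding and returns the number of findings,
# so the job can `preflight || exit 1` before running the scanner.
# Arguments: <docker socket path> <status file path>
preflight() {
    sock="${1:-/var/run/docker.sock}"
    status="${2:-/proc/self/status}"
    findings=0
    if has_docker_socket "$sock"; then
        echo "FINDING: Docker socket mounted at $sock"
        findings=$((findings + 1))
    fi
    if has_cap_sys_admin "$status"; then
        echo "FINDING: job runs with CAP_SYS_ADMIN (privileged container)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone run against the real job environment. Constructed sample
# status files (not real /proc output) are used in the test instead.
if [ "${0##*/}" = "preflight.sh" ]; then
    preflight "/var/run/docker.sock" "/proc/self/status" || exit 1
    echo "preflight OK: unprivileged, no Docker socket"
fi
```

Wire it in as the first script line of the scan job; a job that reaches the scanner with zero findings is, by construction, one that did not need dind or a privileged security context to get there.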

:tada: Thanks for opening your first issue here! Welcome to the community!