Twistlock images can be retrieved from our cloud registry, and are available to all current customers. This option simplifies a lot of workflows, especially the install flow.

All builds, including private builds, are published to the registry. Private builds are used to temporarily address specific customer issues. Unless you’ve been asked to use a private build by a Twistlock representative during the course of a support case, you should only pull officially published builds listed on the Releases page.

You can optionally manage Twistlock images in your own registry. When you download a release tarball, you get both the Console and Defender images. You can push the Twistlock images to your own private registry, and manage them from there as you see fit. The Console image is delivered as a .tar.gz file in the release tarball. After Console is installed, the Defender image can be downloaded from the dashboard, under Manage > System > Downloads, or from the Twistlock API.

There are two different methods for accessing images in the cloud registry:

  • Basic authorization.

  • URL authorization.

The length of time that images are available on the cloud registry complies with our standard n-1 support lifecycle.

1. Retrieving Twistlock images using basic auth

Authenticate using docker login, then retrieve the Twistlock images using docker pull. For basic authorization, the registry is accessible at registry.twistlock.com.

Prerequisites

  • You have your Twistlock access token.

Procedure

  1. Authenticate with the registry.

    $ docker login registry.twistlock.com
    Username:
    Password:

    Where Username can be any string, and Password must be your access token.

  2. Pull the Twistlock images from the registry.

    Pull the Console image:

    $ docker pull registry.twistlock.com/twistlock/console:console_<VERSION>

    Pull the Defender image.

    $ docker pull registry.twistlock.com/twistlock/defender:defender_<VERSION>

    The <VERSION> string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch version.

    For example, 2.5.91 should be formatted as 2_5_91.

2. Retrieving Twistlock images using URL auth

Retrieve Twistlock images with a single command by embedding your access token into the registry URL. For URL authorization, the registry is accessible at registry-auth.twistlock.com.

By embedding your access token into the registry URL, you only need to run docker pull. The docker login command isn’t required.

The format for the registry URL is: registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/<IMAGE>:<TAG>

Prerequisites

  • You have a Twistlock access token.

  • The Docker client requires that repository names be lowercase. Therefore, all characters in your access token must be lowercase. To convert your access token to lowercase characters, use the following command:

    $ echo <ACCESS-TOKEN> | tr '[:upper:]' '[:lower:]'

Procedure

  1. Pull the Twistlock images from the registry.

    Pull the Console image:

    $ docker pull \
      registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/twistlock/console:console_<VERION>

    Pull the Defender image.

    $ docker pull \
      registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/twistlock/defender:defender_<VERSION>

    The <VERSION> string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch version.

    For example, 2.5.91 should be formatted as 2_5_91.