1. Functions

Twistlock ships a command-line configuration and control tool known as twistcli. It is supported on Linux, macOS, and Windows.

When users from a tenant project run twistcli, they must set the --project option to specify the proper context for the command.

The twistcli tool supports the following functions:

  • console — Installs and uninstalls Console into a cluster. Kubernetes, OpenShift, and Docker Swarm are supported. You can also export Kubernetes or OpenShift deployment files in YAML format.

  • defender — Installs and uninstalls Defender into a cluster. Kubernetes, OpenShift, and Docker Swarm are supported. Defender is installed as either a daemon set (Kubernetes, OpenShift) or global service (Docker Swarm), which means one Defender is always automatically deployed to each node in the cluster. You can also export a Kubernetes or OpenShift deployment file in YAML format.

  • hosts — Scans hosts for vulnerabilities and compliance issues.

  • images — Scans container images for vulnerabilities and compliance issues. Because it runs from the command line, you can easily integrate Twistlock’s scanning capabilities into your CI/CD pipeline.

  • intelligence — Retrieves the latest threat data from the Twistlock Intelligence Stream and pushes those updates to a Twistlock installation running in an air-gapped environment.

  • pcf — Scans Pivotal Cloud Foundry droplets.

  • rasp — Embeds the RASP Defender into a Dockerfile.

  • restore — Restores Console to the state stored in the specified backup file. An automated backup system (enabled by default) creates and maintains daily, weekly, and monthly backups. Additional backups can be made at any point in time from the Console UI.

  • serverless — Embeds the Serverless Defender into serverless functions. Scans serverless functions for vulnerabilities.

  • support — Streamlines the process of collecting and sending debug information to Twistlock’s support team. Collects log data from a node and uploads it to Twistlock’s support area.
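The images function is the one most often wired into a pipeline, so here is a CI gate built around twistcli images scan. This is an added example for this page, not a script from the Twistlock documentation. It assumes, for the twistcli build in use, that images scan accepts --address, --details, --vulnerability-threshold and --output-file, that it reads the Console login from the TWISTLOCK_USER and TWISTLOCK_PASSWORD environment variables, and that it exits non-zero when the threshold is exceeded; only --project is named on this page, so confirm the rest with twistcli images scan --help. The Console address is a constructed value.

```shell
#!/bin/sh
# CI gate around "twistcli images scan". Added example, not Twistlock's own code.
# Assumed flags/behaviour (check "twistcli images scan --help" on your build):
# --address, --details, --vulnerability-threshold, --output-file; login read
# from TWISTLOCK_USER / TWISTLOCK_PASSWORD; non-zero exit when the threshold
# is exceeded. Only --project is documented on this page.

TWISTCLI="${TWISTCLI:-twistcli}"   # binary to run; tests can point this at a stub
CONSOLE_ADDRESS="${CONSOLE_ADDRESS:-https://console.example.internal:8083}"  # constructed

# scan_image IMAGE THRESHOLD REPORT [PROJECT]
# Runs one scan and returns twistcli's exit status. Credentials stay in the
# environment rather than on the command line, so they do not show up in
# `ps` output or in a CI job's echoed command.
scan_image() {
    image="$1"; threshold="$2"; report="$3"; project="$4"
    set -- images scan --address "$CONSOLE_ADDRESS" --details \
        --vulnerability-threshold "$threshold" --output-file "$report"
    # Users of a tenant project must scope the call with --project.
    if [ -n "$project" ]; then
        set -- "$@" --project "$project"
    fi
    set -- "$@" "$image"
    "$TWISTCLI" "$@"
}

# ci_gate IMAGE THRESHOLD REPORT [PROJECT]
# Turns the scan into a CI verdict: 0 = passed, 1 = failed the threshold,
# 2 = the scan could not run (missing credentials or binary). Distinguishing
# 1 from 2 matters: a pipeline that treats "scanner missing" as "no findings"
# silently loses its gate.
ci_gate() {
    if [ -z "$TWISTLOCK_USER" ] || [ -z "$TWISTLOCK_PASSWORD" ]; then
        echo "ERROR: TWISTLOCK_USER / TWISTLOCK_PASSWORD are not set" >&2
        return 2
    fi
    scan_image "$@"
    rc=$?
    case $rc in
        0)       echo "PASS: $1 is below the '$2' threshold"; return 0 ;;
        126|127) echo "ERROR: twistcli did not run (exit $rc)" >&2; return 2 ;;
        *)       echo "FAIL: $1 has findings at or above '$2' (exit $rc)" >&2; return 1 ;;
    esac
}

# Usage: TWISTLOCK_USER=... TWISTLOCK_PASSWORD=... sh gate.sh IMAGE THRESHOLD REPORT [PROJECT]
if [ "$#" -ge 3 ]; then
    ci_gate "$@"
    exit $?
fi
```

The JSON report written by --output-file can be archived as a build artifact, which is useful when a later incident asks what was known about an image at release time.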

2. Capabilities

The twistcli tool offers feature parity across all supported operating systems, with a few exceptions. The following table highlights where functions are disabled, or work differently, on a given platform.

twistcli platform support (footnotes follow the table):

Command       Subcommand   Linux   macOS     Windows
console       export       Yes     Yes       Yes
              install      Yes     No        No
              uninstall    Yes     No        No
defender      export       Yes     Yes       Yes
              install      Yes     No        No
              uninstall    Yes     No        No
hosts         scan         Yes     No (1)    No
images        scan         Yes     Yes (2)   Yes (3)
intelligence  upload       Yes     Yes       Yes
              download     Yes     Yes       Yes
pcf           scan         Yes     No        No
rasp          embed        Yes     Yes       Yes
restore       -            Yes     No        No
serverless    embed        Yes     Yes       Yes
              scan         Yes     Yes       Yes
support       dump         Yes     No (4)    No (4)
              upload       Yes     Yes       Yes

(1) Twistlock doesn’t support deployment to macOS hosts, so there is no support for scanning macOS hosts.

(2) Scans Linux images on macOS hosts. Docker for Mac must be installed.

(3) Twistcli can scan Windows images on Windows Server 2016 and Windows Server 2019 hosts. To scan Linux images on Windows, install Docker Machine on Windows with the Microsoft Hyper-V driver. Twistcli does not support scanning Linux images on Windows hosts with Docker for Windows.

(4) The support dump function collects Console’s logs when Console malfunctions. Copy twistcli to the host where Console runs, then execute twistcli support dump there. Defender logs can be retrieved directly from the Console UI under Manage > Defenders > Manage.

For a comprehensive list of supported options for each subcommand, run:

$ twistcli <COMMAND> --help

2.1. Install support

twistcli can install Console and Defender on several cluster types. The following table shows which install-related subcommands are supported on each:

twistcli install support (footnote follows the table):

Command   Subcommand   Stand-alone (1)   Kubernetes   OpenShift   Swarm   Amazon ECS   DC/OS   Windows
console   export       No                Yes          Yes         No      No           No      No
          install      No                Yes          Yes         Yes     No           No      No
          uninstall    No                Yes          Yes         Yes     No           No      No
defender  export       No                Yes          Yes         Yes     No           Yes     No
          install      No                Yes          Yes         Yes     No           No      No
          uninstall    No                Yes          Yes         Yes     No           No      No

(1) Stand-alone refers to installing an instance of Console or Defender onto a single host that isn’t part of a cluster. For stand-alone installations of Console, use the twistlock.sh script to install Onebox. For stand-alone installations of Defender, log into Console, go to Manage > Defenders > Deploy, and generate an install command.

The twistcli console install command for Kubernetes and OpenShift combines two steps into a single command to simplify how Console is deployed. This command internally generates a YAML configuration file and then creates Console’s resources with kubectl create in a single shot. This command is only supported on Linux. Use it when you don’t need a copy of the YAML configuration file. Otherwise, use twistcli console export.
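The reason to prefer the two-step export path is that it leaves an artifact you can inspect before anything touches the cluster. The script below does that: export, inventory the objects, sanity-check the manifest, dry-run, then create. It is an added example for this page, not Twistlock's own procedure. It assumes that twistcli console export kubernetes writes its YAML to twistlock_console.yaml in the working directory (confirm with twistcli console export --help on your build); kubectl create --dry-run=client is a standard kubectl option. The twistcli path and manifest name are constructed defaults.

```shell
#!/bin/sh
# Export, review, then create Console's Kubernetes resources: the steps that
# "twistcli console install" collapses into one. Added example, not the
# Twistlock docs' own script. Assumed: the export writes to
# twistlock_console.yaml in the working directory (verify with
# "twistcli console export --help").

TWISTCLI="${TWISTCLI:-twistcli}"                      # constructed default
MANIFEST="${MANIFEST:-twistlock_console.yaml}"        # assumed default output name

# manifest_kinds FILE
# Prints one "Kind/name" line per object so the reviewer sees exactly what
# will be created. Pure text processing: no cluster access needed.
manifest_kinds() {
    awk '
        /^---/   { if (kind != "") print kind "/" name; kind = ""; name = ""; next }
        /^kind:/ { kind = $2 }
        /^  name:/ && name == "" { name = $2 }     # first metadata.name only
        END      { if (kind != "") print kind "/" name }
    ' "$1"
}

# check_manifest FILE
# Refuses an empty export, or one without the objects Console needs to run
# and be reachable (a workload plus a Service). Returns 0 when it looks complete.
check_manifest() {
    if [ ! -s "$1" ]; then
        echo "check_manifest: $1 is missing or empty" >&2
        return 1
    fi
    kinds=$(manifest_kinds "$1")
    echo "$kinds" | grep -Eq '^(Deployment|StatefulSet)/' || {
        echo "check_manifest: no Deployment or StatefulSet in $1" >&2; return 1; }
    echo "$kinds" | grep -q '^Service/' || {
        echo "check_manifest: no Service in $1" >&2; return 1; }
    return 0
}

# deploy_console
# Export, review, client-side dry run, then the real create. Each step stops
# the sequence on failure, and the YAML is kept for later audit.
deploy_console() {
    "$TWISTCLI" console export kubernetes || return 1
    check_manifest "$MANIFEST" || return 1
    echo "objects to be created:"; manifest_kinds "$MANIFEST"
    kubectl create --dry-run=client -f "$MANIFEST" || return 1   # validates without applying
    kubectl create -f "$MANIFEST"
}

# Usage: sh deploy-console.sh deploy
if [ "${1:-}" = "deploy" ]; then
    deploy_console
    exit $?
fi
```

Keep the exported manifest under version control next to the change that introduced it; twistcli console install leaves you nothing to diff against after an upgrade.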