Scan images with twistcli

Prisma Cloud ships a command-line scanner for scanning container images and serverless functions. It is supported on Linux, macOS, and Windows.

Command reference

The twistcli command has several subcommands. Use the twistcli images scan subcommand to invoke the scanner.


When users from a tenant project run twistcli, they must set the --project option to specify the proper context for the command.


twistcli images scan — Scan an image for vulnerabilities and compliance issues. The image must reside on the system where twistcli runs. If not, retrieve the image with docker pull before scanning it. Twistcli does not pull images for you.


The twistcli images scan function collects information about the packages and binaries in the container image, and then sends it to Console for analysis.
Data collected by twistcli includes:
  • Packages in the image.
  • Files installed by each package.
  • Hashes for files in the image.
After Console analyzes the image for vulnerabilities, twistcli:
  • Outputs a summary report.
  • Exits with a pass or fail return value.
To specify an image to scan, use either the image ID, or repository name and tag. The image should be present on the system, having either been built or pulled there. If a repository is specified without a tag, twistcli looks for an image tagged latest.
When invoking twistcli, the last parameter should be the image to scan. If you list options after the image, they will be ignored.


  • Complete URL for Console, including the protocol and port. Only the HTTPS protocol is supported. By default, Console listens to HTTPS on port 8083, although your administrator can configure Console to listen on a different port. Defaults to
    Example: --address
  • Username to access Console. If not provided, the TWISTLOCK_USER environment variable will be used if defined, or "admin" is used as the default.
  • Password for the user specified with -u, --user. If not specified on the command-line, the TWISTLOCK_PASSWORD environment variable will be used if defined