Prisma Cloud container images

Prisma Cloud images can be retrieved from a cloud registry, and are available to all current customers. This option simplifies a lot of workflows, especially the install flow.
All builds, including private builds, are published to the registry. Private builds temporarily address specific customer issues. Unless you’ve been asked to use a private build by a Prisma Cloud representative during the course of a support case, you should only pull officially published builds.
You can optionally manage Prisma Cloud images in your own registry. You can push the Prisma Cloud images to your own private registry, and manage them from there as you see fit. The Defender image can be downloaded from Console, under
Manage > System > Downloads
, or from the Prisma Cloud API.
There are two different methods for accessing images in the cloud registry:
  • Basic authorization.
  • URL authorization.

Retrieving Prisma Cloud images using basic auth

Authenticate using
docker login
or
podman login
, then retrieve the Prisma Cloud images using
docker pull
or
podman pull
. For basic authorization, the registry is accessible at
registry.twistlock.com
.
Image names contain a version string. The version string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. For example, 19.07.363 should be formatted as 19_07_363. For example:
registry.twistlock.com/twistlock/defender:defender_19_07_363.
Prerequisites:
  • You have your Prisma Cloud access token.
  1. Authenticate with the registry.
    $ docker (or podman) login registry.twistlock.com Username: Password:
    Where
    Username
    can be any string, and
    Password
    must be your access token.
  2. Pull the Defender image from the Prisma Cloud registry.
    $ docker (or podman) pull registry.twistlock.com/twistlock/defender:defender_<VERSION>

Retrieving Prisma Cloud images using URL auth

Retrieve Prisma Cloud images with a single command by embedding your access token into the registry URL. For URL authorization, the registry is accessible at
registry-auth.twistlock.com
.
By embedding your access token into the registry URL, you only need to run
docker pull
or
podman pull
. The
docker login
or
podman login
command isn’t required.
The format for the registry URL is:
registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/<IMAGE>:<TAG>
Image names contain a version string. The version string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. For example, 19.07.363 should be formatted as 19_07_363. For example:
registry.twistlock.com/twistlock/defender:defender_19_07_363.
Prerequisites:
  • You have a Prisma Cloud access token.
  • The Docker or Podman client requires that repository names be lowercase. Therefore, all characters in your access token must be lowercase. To convert your access token to lowercase characters, use the following command:
    $ echo <ACCESS-TOKEN> | tr '[:upper:]' '[:lower:]'
  1. Pull the Defender image from the Prisma Cloud registry.
    $ docker (or podman) pull \ registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/twistlock/defender:defender_<VERSION>

Recommended For You