1. Overview

Prisma Cloud images can be retrieved from a cloud registry, and are available to all current customers. This option simplifies a lot of workflows, especially the install flow.

All builds, including private builds, are published to the registry. Private builds temporarily address specific customer issues. Unless you’ve been asked to use a private build by a Prisma Cloud representative during the course of a support case, you should only pull officially published builds.

You can optionally manage Prisma Cloud images in your own registry. You can push the Prisma Cloud images to your own private registry, and manage them from there as you see fit. The Defender image can be downloaded from Console, under Manage > System > Downloads, or from the Prisma Cloud API.

There are two different methods for accessing images in the cloud registry:

  • Basic authorization.

  • URL authorization.

2. Retrieving Prisma Cloud images using basic auth

Authenticate using docker login or podman login, then retrieve the Prisma Cloud images using docker pull or podman pull. For basic authorization, the registry is accessible at registry.twistlock.com.

Image names contain a version string. The version string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. For example, 19.07.363 should be formatted as 19_07_363. For example:

registry.twistlock.com/twistlock/defender:defender_19_07_363.

Prerequisites:

  • You have your Prisma Cloud access token.

  1. Authenticate with the registry.

    $ docker (or podman) login registry.twistlock.com
    Username:
    Password:

    Where Username can be any string, and Password must be your access token.

  2. Pull the Defender image from the Prisma Cloud registry.

    $ docker (or podman) pull registry.twistlock.com/twistlock/defender:defender_<VERSION>

3. Retrieving Prisma Cloud images using URL auth

Retrieve Prisma Cloud images with a single command by embedding your access token into the registry URL. For URL authorization, the registry is accessible at registry-auth.twistlock.com.

By embedding your access token into the registry URL, you only need to run docker pull or podman pull. The docker login or podman login command isn’t required.

The format for the registry URL is: registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/<IMAGE>:<TAG>

Image names contain a version string. The version string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. For example, 19.07.363 should be formatted as 19_07_363. For example:

registry.twistlock.com/twistlock/defender:defender_19_07_363.

Prerequisites:

  • You have a Prisma Cloud access token.

  • The Docker or Podman client requires that repository names be lowercase. Therefore, all characters in your access token must be lowercase. To convert your access token to lowercase characters, use the following command:

    $ echo <ACCESS-TOKEN> | tr '[:upper:]' '[:lower:]'
  1. Pull the Defender image from the Prisma Cloud registry.

    $ docker (or podman) pull \
      registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/twistlock/defender:defender_<VERSION>