If you have deployed a Defender to scan an Artifactory registry, there are several caveats to look out for.
x509 error If you find that your images are not able to be scanned because of an error like the following:
Failed to pull image docker-local/sampleimage:v1.0.0dev-1, error API error (500): Get https://myconsole.twistlock.com/v2/: x509: certificate signed by unknown authority
This most likely means that you have a self-signed certificate that the underlying docker daemon on the defender host does not trust. This can also happen if you have set up Artifactory as an insecure registry.
If you go to the host that the Prisma Cloud Defender is running on and try to pull your Artifactory images, you should receive the same error
You will need to add your trusted self-signed cert to the docker daemon. Specify the URL of the insecure registry on the machine where the registry scanning Defender runs, then restart the Docker service. For more information, see the Docker documentation.
If you do not have a host that is able to access the underlying docker daemon, you will need to find other ways to get your host to trust the Artifactory instance. Please consult the Artifactory documentation for these steps.