JFrog Artifactory
1. Overview
If you have deployed a Defender to scan an Artifactory registry, there are several caveats to look out for.
2. Error messages
-
x509 error If you find that your images are not able to be scanned because of an error like the following:
Failed to pull image docker-local/sampleimage:v1.0.0dev-1, error API error (500): Get https://myconsole.twistlock.com/v2/: x509: certificate signed by unknown authority
This most likely means that you have a self-signed certificate that the underlying docker daemon on the defender host does not trust. This can also happen if you have set up Artifactory as an insecure registry.
3. Steps to confirm the issue
If you go to the host that the Prisma Cloud Defender is running on and try to pull your Artifactory images, you should receive the same error
4. Troubleshooting steps
You will need to add your trusted self-signed cert to the docker daemon. Specify the URL of the insecure registry on the machine where the registry scanning Defender runs, then restart the Docker service. For more information, see the Docker documentation.