CI Integration

Cloud Native Security Integrated with CI/CD Pipelines

Twistlock integrates security into your continuous integration workflows so you can find and fix problems before they ever make it into production. Powerful CI capabilities allow developers to see vulnerability status every time they run a build, without having to run a separate tool or use a different interface. Security teams can set policies that act as quality control gates to ensure only remediated images progress down the pipeline.

Plug Security Into Your Current Toolkit

Twistlock provides native plugins for CI tools like Jenkins as well as a standalone vulnerability scanner to integrate security into any existing build and deployment process. Set thresholds for security and compliance, including HIPAA and PCI compliance, CIS Benchmarks, and more, right in the build. Automated and custom policies can alert or block unsafe builds to provide precise control for security teams and minimal friction to developers.

Security As Part of the Build

With Twistlock, you can create granular policies that provide you with precise control over every CI job. Use Twistlock to enforce specific requirements such as ‘in the build for my payment app, block any build impacted by a CVE with a medium or higher CVSS rating and for which a vendor fix is available’. Ensure that only images that pass your security requirements are signed and pushed to your registry.

Powerful Intelligence for Accurate Enforcement

The Twistlock Intelligence Stream sources and aggregates vulnerability information directly from 30+ upstream projects, commercial sources, and proprietary research from Twistlock Labs. We focus on having the most precise data available covering all layers of your stack, so you have accurate visibility into not just the base layer of your images, but also the frameworks like Java, Node.js, Ruby, and Python that you use within them. Binary analysis helps identify vulnerabilities regardless of how you add a component to an image, and custom rules help you find vulnerabilities in your own internally created components.

A Centralized View of Every Build

As part of scanning each build via our Jenkins plugin or twistcli, Twistlock surfaces results in both your native development tools and within the Twistlock UI. Track vulnerability findings for each build, in each layer, and whether the function or image passed or failed based on policy, all in one centralized location.

“We are very pleased with Twistlock’s integration with CVE databases and the support of multiple technologies for vulnerability detection. This allows us to continue to grow container adoption without worrying about security.”

Ariel Moskovich, DevOps Lead, AppsFlyer