Twistlock Trust scans images and registries to detect vulnerabilities in the code as well as configuration errors. With Twistlock Trust, you can enforce standard configurations, container best practices, and recommended deployment templates. You will gain assurance that your containers environments, wherever they reside, remain compliant with industry or company policies.

Vulnerability management

Twistlock Trust scans container images on developer workstations or in registries to detect vulnerabilities exist in the image. We cover the Linux distribution layer (e.g., Debian, Alpine LInux, Fedora), libraries, app frameworks and all the way to your custom application packages. We report which libraries, packages, frameworks contained a specific vulnerability, point to the CVE source, and when applicable, detail the steps for remediation.

Container hardening

Twistlock Trust provides container hardening checks based on CIS Docker benchmark, a consensus-oriented security best practices for deploying Docker. Twistlock Trust has 80+ built-in checks to validate recommended practices from the CIS benchmark, including configuration assessment, container hardening settings, and hardware validations.

CI/CD support

We believe Continuous Delivery and Continuous Integration tools are essential DevOps. As much as we can, Twistlock Trust supports seamless integration with CI/CD pipeline tools. The CI/CD tools can use our APIs to push images for scanning and pull scan results from Twistlock Trust. In addition, we provide out-of-box plugins for vulnerability reporting directly into Jenkins and TeamCity.

Extensively API-driven

Twistlock Trust supports an extensive set of APIs for developers to access almost all of our core functions, supporting limitless automation possibilities.Key use cases include auto-deployment, rule creation, access management, enterprise ticket integration, customized reporting, and forensics information gathering.

Registry support

Twistlock Trust supports a wide variety of registry formats, including Docker hub, Google Container Registry, AWS ECR, Artifactory and Nexus registry. We can seamlessly integrate with these registries to perform vulnerability and configuration scanning.

Real-time vulnerability intelligence

Twistlock’s intelligence service sources and aggregates vulnerability information directly from upstream projects, such as ubuntu, redhat, debian, etc., commercial and proprietary sources including our own labs. The vulnerability information is sent in real time to the Twistlock Console, which is the central brain for vulnerability management.

Twistlock Trust – how it works

“Twistlock’s integration with CVE databases is particularly valuable in helping us easily find and fix vulnerabilities. With Twistlock, we can continue to protect our customers even as we adopt new technologies like containers.“

Gregory Man
Manager, Systems group, Wix

“Twistlock allows us to have confidence that code that makes into our images are scanned and verified to some degree, without impeding developer’s processes and efficiency. This is really important to us. Ops team now feel that they have control back and can support IT transformation in a much more measured way.”

Director of IT Operations,
A civilian government agency

“Our company runs many cloud services and continuous integration and delivery is extremely important to us. Twistlock’s ability to support our existing CI tools and have their findings seamlessly incorporated in the CI console made our job a lot easier.”

Principal engineer,
A leading digital media company

” We experienced a huge amount of image drift prior to deploying Twistlock. With Twistlock, we are able to reign in configuration drift in images and ensure that only gold images make into production. This is huge for us.”

Director of Cloud Infrastructure,
A large medical research center

See Twistlock in action