Is Prisma Cloud Compute able to scan .tar files?

• Do we support the scanning .tar image files for vulnerabilities?
• Is Prisma Cloud Compute able to scan images contained in .tar files?

• Prisma Cloud Compute
• Twistlock
• twistcli tool
• Images Vulnerabilities Scan

• With the state of the art of Prisma Cloud Compute, we do not support scanning of images contained in .tar archive files. However, you can use a workaround through Docker load.
• Docker loads enabled you to load an image or repository from a tar archive (even if compressed with gzip, bzip2, or xz) from a file or STDIN. It restores both images and tags.
• Run:

docker load --input fedora.tar

• In this way, you should be able to have loaded the images from the archive. You can check it out by running "docker images ls"
• Then, you can scan the loaded image through twistcli: 

./twistcli images scan --address https://<console_IP_address_or_hostname>:8083/ -u <username> -p <password> --details <image_name>

• Finally, you can retrieve the results within the Console, under Monitor > Vulnerabilities > Images > CI.

 More info about twistcli images scan tool at the link:

• Twistcli Scan Images - Scan an image for vulnerabilities and compliance issues. The image must reside on the system where twistcli runs. If not, retrieve the image with docker pull before scanning it. Twistcli does not pull images for you.