Prisma Cloud Compute: Defender deploy script failing to run

Created On 01/19/23 01:24 AM - Last Modified 07/11/25 20:03 PM


Symptom


When running the Container Defender script copied from Manage > Defenders > Deploy > Single Defender, the following error is displayed:
"[31mCopying Twistlock Defender data to utils folder",
"you are not authorized to perform this operation: server returned 401..\u001b(B\u001b[m",
"[31mFailed to create Twistlock data container.\u001b(B\u001b[m",
"[31mFailed to run twistlock.sh.\u001b(B\u001b[m"

 


Environment


  • Prisma Cloud Compute 21.08 or later
  • Docker, the following versions or later:
    • CE 20.10.5, 19.03, 18.09
    • EE 19.03.4


Cause


This error usually occurs when Docker Content Trust is turned on.
Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags.

Through DCT, image publishers can sign their images and image consumers can ensure that the images they pull are signed. Publishers could be individuals or organizations manually signing their content or automated software supply chains signing content as part of their release process.


Resolution


To install the Container Defender successfully, turn off DCT on the host where the Defender is being installed:
  1. SSH into the host
  2. Run the following command:
    $ export DOCKER_CONTENT_TRUST=0
  3. Docker Content Trust is now disabled 
  4. Run the script again and the Container Defender should be installed.
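
The `export` in step 2 leaves content trust off for the rest of that shell session. The following added example (not part of the original article) scopes the setting to the install command alone and reports the session state afterwards. The function names and the `./defender-install.sh` file name are hypothetical, and the value handling assumes the Docker CLI parses the variable as a boolean.

```shell
#!/bin/sh
# Added example: keep Docker Content Trust (DCT) on for the session and turn it
# off only for the Defender install command.

# Print "enabled" or "disabled" for a DOCKER_CONTENT_TRUST value
# (defaults to the value in the current environment).
# Assumption: the Docker CLI parses the variable as a boolean, so unset/empty
# or a false value (0, f, F, false, False, FALSE) is off and anything else is on.
dct_state() {
    case "${1-${DOCKER_CONTENT_TRUST-}}" in
        ""|0|f|F|false|False|FALSE) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Run one command with DCT off. env(1) sets the variable for the child process
# only, so the calling shell keeps its own DOCKER_CONTENT_TRUST value.
run_without_dct() {
    env DOCKER_CONTENT_TRUST=0 "$@"
}

# Run the install command with DCT off, then report the session state so it is
# visible that content trust was not left disabled. Returns the command's status.
install_scoped() {
    before=$(dct_state)
    rc=0
    run_without_dct "$@" || rc=$?
    echo "DCT in this session: $(dct_state) (before install: $before); exit code: $rc"
    return "$rc"
}

# Usage (hypothetical file name for the script saved from the Console):
#   install_scoped bash ./defender-install.sh
```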


Additional Information


  • https://docs.docker.com/engine/security/trust/

