Twistlock for PCF (Beta)

WARNING: This tile requires a Trusty stemcell. The end-of-life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.

WARNING! The Twistlock for Pivotal Cloud Foundry (PCF) tile is currently in beta and is intended for evaluation and test purposes only. Do not use this product in a PCF production environment.


The Twistlock Cloud Native Cybersecurity Platform provides full lifecycle security for containerized environments and cloud native applications. It is purpose-built to deliver security for modern applications by embedding security controls directly into existing processes. From pipeline to perimeter, Twistlock enables security teams to scale securely and devops teams to deploy fearlessly.

Twistlock for PCF enables organizations to continuously scan droplets in their blobstores for vulnerabilities. The Twistlock Intelligence Stream sources vulnerability data from 30+ upstream projects, commercial sources, and includes proprietary research from Twistlock Labs. The Twistlock scanner can be integrated directly into your CI pipeline to pass or fail builds based on policy. Scan report data is available in open formats, such as CSV and JSON. The comprehensive API makes it easy to integrate Twistlock data into larger central dashboards.

Key Features

Twistlock for PCF lets you:

  • Continously scan droplets in your blobstores for known vulnerabilities.
  • Review and share scan reports across the team (Developers, DevOps, and Security).
  • Raise alerts and route them to the right party when the scanner finds issues that violate policy (email, Slack, JIRA, and more).
  • Integrate scanning into your CI/CD pipeline with the command line scanner. Pass or fail builds based on policy.
  • Assess risk and pinpoint specific vulnerabilities in your environment with the Vulnerability Explorer.
  • Retrieve scan report data via the comprehensive API for deep integration with other tools, dashboards, and processes.

Product Snapshot

The following table provides version and version-support information for Twistlock for PCF.

Element Details
Tile version 18.11.96
Release date December 3, 2018
Software component version 18.11.0
Compatible Ops Manager version(s) v2.1.x, v2.2.x, and v2.3.x
Compatible Pivotal Application Service version(s) v2.1.x, v2.2.x, and v2.3.x
BOSH stemcell version Ubuntu Trusty
IaaS support All platforms


Twistlock for PCF has the following requirements:

  • You have a Twistlock license.

  • You have installed Twistlock Console. Twistlock Console runs as a container. You can run it in Pivotal Container Service (PKS) or on a stand-alone virtual machine using Twistlock’s Onebox install.


If you have a feature request, questions, or information about a bug, please email Pivotal Cloud Foundry Feedback or Twistlock Support.


For help and troubleshooting, contact Twistlock Support.

Create a pull request or raise an issue on the source for this page in GitHub