Container Security with Tenable Cloud Security

Tenable Cloud Security scans your container images and container registries to assess them for vulnerabilities. Tenable Cloud Security allows you to scan container images securely without sending the images outside your organization's network. After your scan completes, you can view the scan results in the Tenable Cloud Security Console.

Tenable Cloud Security allows you to scan the following:

  • A local image from the Docker daemon.

  • An image in a build pipeline.

  • All images hosted in a specific registry (for example, a Docker registry).

Before you begin:

  • Create a project in the Tenable Cloud Security Console to use for the container scan.

  • Ensure that the container image is available in the Docker daemon.

To configure container scans with Tenable Cloud Security:

  1. Create custom policies and a policy group for your image. For more information, see Create a Custom Policy and Create a Custom Policy Group.

  2. Associate Container Security policies to the project.

  3. (Optional) Download the configuration file for the project.

  4. Download and install the CLI.

    Note: You can install the CLI locally on your system, integrate the CLI in your CI/CD pipeline, or run the CLI as a Docker image.

  5. Scan the container image or container registry.

    Note: Tenable Cloud Security does not support Windows containers.

  6. On the Tenable Cloud Security Console, view the scan results on the Vulnerabilities tab on the Findings page.

  7. Get container security insights from the Containers dashboard.
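
The following pre-flight gate is an added example, not part of the Tenable documentation or CLI. It checks the two constraints stated above before the scan step runs: the image must be available in the Docker daemon, and Windows containers are not supported. The function name `preflight_image` and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight gate to run before the container scan step.
# preflight_image is a hypothetical helper, not a Tenable CLI command.
# It relies only on the standard 'docker image inspect' command.

preflight_image() {
    image="$1"
    if [ -z "$image" ]; then
        echo "usage: preflight_image <image[:tag]>" >&2
        return 2
    fi

    # 'docker image inspect' exits non-zero when the image is not present
    # in the local daemon; --format '{{.Os}}' prints the image's target OS.
    if ! os="$(docker image inspect --format '{{.Os}}' "$image" 2>/dev/null)"; then
        echo "preflight: $image is not available in the Docker daemon" >&2
        return 3
    fi

    case "$os" in
        windows)
            # The page states that Windows containers are not supported.
            echo "preflight: $image is a Windows container (unsupported)" >&2
            return 4
            ;;
        "")
            echo "preflight: could not determine the OS of $image" >&2
            return 5
            ;;
    esac

    echo "preflight: $image ($os) is ready to scan"
    return 0
}

# Pipeline usage (image name is a placeholder):
#   preflight_image "registry.example.internal/app:1.0" || exit 1
```

Failing the job here keeps an unsupported or missing image from being reported as a scan with no findings.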