Install Tenable Cloud Security CLI for Tenable Container Security

Use Tenable Cloud Security CLI version 2.0 to scan container images. You can install Tenable Cloud Security CLI on Linux and macOS operating systems.

Supported Operating Systems

  • macOS

  • Linux

Install Tenable Cloud Security on a Local System

To download and install the Tenable Cloud Security CLI:

  1. Log in to the Tenable Cloud Security Downloads page.

  2. On the row for Tenable Cloud Security, click View Downloads.

  3. Download the latest installation file for your operating system.

    Tenable Cloud Security CLI is available for macOS and Linux operating systems. Use the following links for the download URLs:

    • Linux (arm64): https://www.tenable.com/downloads/api/v2/pages/tenable-cs/files/tenable.cs-cli_latest_Linux_arm64.tar.gz

    • Linux (x86_64): https://www.tenable.com/downloads/api/v2/pages/tenable-cs/files/tenable.cs-cli_latest_Linux_x86_64.tar.gz

    • MacOs (arm64): https://www.tenable.com/downloads/api/v2/pages/tenable-cs/files/tenable.cs-cli_latest_MacOs_arm64.tar.gz

    • MacOs (x86_64): https://www.tenable.com/downloads/api/v2/pages/tenable-cs/files/tenable.cs-cli_latest_MacOs_x86_64.tar.gz

  4. Untar the Tenable Cloud Security CLI.

  5. Allow executable permissions to the Tenable Cloud Security CLI binary file:

    Copy 
    chmod +x tcs

  6. From a command-line terminal, navigate to the download location and type the tcs command to verify that the installation is successful.

    ./tcs
    Tenable.CS

    Discover vulnerabilities and misconfigurations in container images.

    Usage:
      tcs [command]

    Examples:
    tcs version

    Available Commands:
      consec      Container Security
      env         Display the Tenable.cs CLI environment variables
      version     Display the Tenable.cs CLI version

    Flags:
      -c, --config string      Specify the configuration file location.
          --fail               Returns an exit code of 1 when a high severity violation is detected
          --log-dir string     Directory path to write the log file. Works only with '--log-level=debug' (default "log")
      -l, --log-level string   Log level (Values: debug, info, warn, error, panic, fatal) (default "info")
      -x, --log-type string    Log output type (Values: console, json) (default "console")
      -p, --project string     Project to associate the results in the Tenable Cloud Security web console.
                               Use 'TCS_PROJECT_ID' to pass the project ID using an environment variable
          --token string       API token from the configuration file (same as App Token in older config files).
                               Use 'TCS_TOKEN' to pass the token using an environment variable

    Use "tcs [command] --help" for more information about a command