Recently Viewed Topics
CircleCI
Before You Begin
These instructions describe how to push a Docker image from CircleCI to Tenable.io Container Security.
These steps assume you are already comfortable using CircleCI and are already pushing Docker images to a public or private registry. If you are already using CircleCI, but have not built Docker container images, familiarize yourself with the CircleCI documentation Continuous Integration and Delivery with Docker.

If you are using CircleCI to build Docker container images, you should have a circle.yml file in your project source control repository that looks similar to the following example:
machine:
services:
- docker
dependencies:
override:
- docker info
- docker build -t circleci/elasticsearch .
test:
override:
- docker run -d -p 9200:9200 circleci/elasticsearch; sleep 10
- curl --retry 10 --retry-delay 5 -v http://localhost:9200
deployment:
hub:
branch: master
commands:
- docker push circleci/elasticsearch
The following lines in circle.yml instruct CircleCI to leverage Docker for the build process:
machine:
services:
- docker
The following lines in circle.yml instruct CircleCI to build the elasticsearch image in the circleci/ repository:
dependencies:
override:
- docker info
- docker build -t circleci/elasticsearch .
The following are the most important lines for adding Tenable.io Container Security integration to CircleCI environments. These lines instruct CircleCI to use Docker to log in to the registry (in this case to Docker Hub, since no private registry is specified) and push cicleci/elasticsearch
to the registry:
deployment:
hub:
branch: master
commands:
- docker login -u $DOCKER_USER -p $DOCKER_PASS
- docker push circleci/elasticsearch
Steps
- To add environment variables for the project in the CircleCI console, open the project, click Project Settings, then click Environment Variables.
-
Define the following variables:
Variable
Description
TENABLE_IO_CONTAINER_SECURITY_EMAIL
The email that you use to log in to Tenable.io Container Security.
TENABLE_IO_CONTAINER_SECURITY_USER
The user name that you use to log in to Tenable.io Container Security. You can find this on the Settings page in Tenable.io Container Security.
TENABLE_IO_CONTAINER_SECURITY_ENDPOINT
For hosted cloud users of Tenable.io Container Security, this value is
registry.cloud.tenable.com
. -
To add support for Tenable.io Container Security, update the circle.yml file as follows:
machine:
environment:
VERSION: 2.1.1
TAG: ${VERSION}
services:
- docker
dependencies:
override:
- docker info
- docker version
- docker build -t $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch .
test:
override:
- docker run -d -p 9200:9200 $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch; sleep 10
- curl --retry 10 --retry-delay 5 -v registry.cloud.tenable.com
deployment:
hub:
branch: master
commands:
- docker login -u $TENABLE_IO_ACCESS_KEY -p $TENABLE_IO_SECRET_KEY
- docker tag $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch:${TAG}
- docker push $TENABLE_IO_CONTAINER_SECURITY_ENDPOINT/circleci/elasticsearch:${TAG}
- docker logout
CircleCI builds are sent to Tenable.io Container Security for storage, distribution, vulnerability scanning, and malicious code scanning.