TOC & Recently Viewed

Recently Viewed Topics

Configure and Run the Tenable.io CS Scanner Locally Examples

When you use the Tenable.io CS Scanner to scan images locally, your configuration varies depending on several factors, including the image location (imported from an internally hosted registry or scanned locally from your macine), whether authentication is required, and whether you want to repeat the import or scan at set intervals.

Internal Registry Import Configuration When Authentication is Required

The following example configures a recurring import that requires a username and password and repeats every three hours.

docker run \ -e TENABLE_ACCESS_KEY=ab123c4d5678912e3f456g78h912ijk34l5m6nopqr7s89t12u34567vw89x1yz2 \ -e TENABLE_SECRET_KEY=12a345b6c78d9ef12g3h4i5j67891234kl567m891234no56789p12345qr67stu \ -e IMPORT_REPO_NAME=production-registry-artifactory \ -e REGISTRY_URI=https://registry.mycompany.com \ -e REGISTRY_USERNAME=build \ -e REGISTRY_PASSWORD=Password123 \ -e IMPORT_INTERVAL_MINUTES=180 -it tenableio-docker-consec-local.jfrog.io/cs-scanner:latest import-registry

Internal Registry Import Configuration When No Authentication is Required

The following example configures a single import that does not repeat and does not require a username or password.

docker run \ -e TENABLE_ACCESS_KEY=ab123c4d5678912e3f456g78h912ijk34l5m6nopqr7s89t12u34567vw89x1yz2 \ -e TENABLE_SECRET_KEY=12a345b6c78d9ef12g3h4i5j67891234kl567m891234no56789p12345qr67stu \ -e IMPORT_REPO_NAME=production-registry-artifactory \ -e REGISTRY_URI=https://registry.mycompany.com \ -it tenableio-docker-consec-local.jfrog.io/cs-scanner:latest import-registry

Configuration for Scanning an Image Stored Locally on Your Machine

The following example configures a single scan that does not repeat for an image stored locally on the machine where you downloaded the scanner.

Note: You do not need to include a registry URI, username, or password for scans of images stored on your machine.

docker save Image1234 | docker run \ -e TENABLE_ACCESS_KEY=ab123c4d5678912e3f456g78h912ijk34l5m6nopqr7s89t12u34567vw89x1yz2; \ -e TENABLE_SECRET_KEY=12a345b6c78d9ef12g3h4i5j67891234kl567m891234no56789p12345qr67stu \ -e IMPORT_REPO_NAME=production-registry-artifactory \ -i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest inspect-image Image_Jan0119

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.