TOC & Recently Viewed

Recently Viewed Topics

Scan a Repository via the Tenable.io CS Scanner

Required User Role: Scan Operator, Standard, Scan Manager, or Administrator

Run the Tenable.io CS Scanner in Registry Import mode to scan all images in a repository.

Before you begin:

  • Confirm your machine meets the system requirements, as described in CS Scanner System Requirements.
  • Download the Tenable.io CS Scanner, as described in Download the CS Scanner.
  • Prepare your environment variable value, as described in the Environment Variables.
  • (Optional) To scan images hosted in an Azure registry, complete the following tasks to prepare your Azure registry. For information about Azure registries, see Azure Documentation.
    • Configure your Azure registry.
    • Create a service principal for your Azure registry and assign the AcrPull role to the service principal.

  • (Optional) To scan images hosted in an Amazon Web Services (AWS) Elastic Container Registry (ECR), obtain your AWS token. For information about how to obtain your AWS token, see AWS Documentation.

To run the Tenable.io CS Scanner in Registry Import mode:

  1. In the CLI of the machine where you want to run the scanner, type the customized configuration and command for your deployment type using the parameters defined below.

    Note: Some of the following variables not required to run the scanner. For information about these variables and their definitions, see Environment Variables.

    docker run \ -e TENABLE_ACCESS_KEY=<variable> \ -e TENABLE_SECRET_KEY=<variable> \ -e IMPORT_REPO_NAME=<variable> \ -e REGISTRY_URI=<variable> \ -e REGISTRY_USERNAME=<variable> \ -e REGISTRY_PASSWORD=<variable> \ -e IMPORT_INTERVAL_MINUTES=<variable> -i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest import-registry
  2. Press Enter.

    The Tenable.io CS Scanner scans all images in the registry.

What to do next:

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.