TOC & Recently Viewed

Recently Viewed Topics

Configure and Run the Tenable.io CS Scanner Locally

Configure and run the Tenable.io CS Scanner locally to either import and scan an image from a registry hosted internally on your network, such as Docker, or scan an image stored locally on your machine.

Before you begin:

To configure and run the Tenable.io CS Scanner locally:

  1. In the CLI of the machine where you want to run the scanner, type the customized configuration and command for your deployment type using the parameters defined below.

    • If you want to import an image from an internally hosted registry:

      For information about these parameters and their definitions, see Environment Parameters.

      docker run \ -e TENABLE_ACCESS_KEY=<variable> \ -e TENABLE_SECRET_KEY=<variable> \ -e IMPORT_REPO_NAME=<variable> \ -e REGISTRY_URI=<variable> \ -e REGISTRY_USERNAME=<variable> \ -e REGISTRY_PASSWORD=<variable> \ -e IMPORT_INTERVAL_MINUTES=<variable> \ -it tenableio-docker-consec-local.jfrog.io/cs-scanner:latest import-registry
    • If you want to scan an image stored locally on your machine:

      For information about these parameters and their definitions, see Environment Parameters.

      docker save <Image name or ID> | docker run \ -e TENABLE_ACCESS_KEY=<variable> \ -e TENABLE_SECRET_KEY=<variable> \ -e IMPORT_REPO_NAME=<variable> \ -i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest inspect-image <Image name as you want it to appear in Tenable.io>
  1. Press Enter.

    The Tenable.io CS Scanner scans the images.

What to do next:

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.