TOC & Recently Viewed

Recently Viewed Topics

Configure and Run the Tenable.io CS Scanner Locally

Required User Role: Scan Operator, Standard, Scan Manager, or Administrator

Configure and run the Tenable.io CS Scanner locally to import and scan images hosted in a registry on your network, such as Docker, or to scan an image stored locally on your machine.

Before you begin:

To configure and run the Tenable.io CS Scanner locally:

  1. In the CLI of the machine where you want to run the scanner, type the customized configuration and command for your deployment type using the parameters defined below.

    • If you want to import and scan an image from an internally hosted registry:

      For information about these parameters and their definitions, see Environment Variables.

      docker run \ -e TENABLE_ACCESS_KEY=<variable> \ -e TENABLE_SECRET_KEY=<variable> \ -e IMPORT_REPO_NAME=<variable> \ -e REGISTRY_URI=<variable> \ -e REGISTRY_USERNAME=<variable> \ -e REGISTRY_PASSWORD=<variable> \ -e IMPORT_INTERVAL_MINUTES=<variable> \ -it tenableio-docker-consec-local.jfrog.io/cs-scanner:latest import-registry
    • If you want to scan an image stored locally on your machine:

      For information about these parameters and their definitions, see Environment Variables.

      docker save <Image name or ID> | docker run \ -e TENABLE_ACCESS_KEY=<variable> \ -e TENABLE_SECRET_KEY=<variable> \ -e IMPORT_REPO_NAME=<variable> \ -i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest inspect-image <Image name as you want it to appear in Tenable.io>
  1. Press Enter.

    The Tenable.io CS Scanner scans the images.

What to do next:

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.