Configure a CI/CD Scan
This topic describes how to scan a single image. For instructions on how to scan all images in a registry, see Create a Scan.
Before you begin:
- Download the image you want to scan to your local machine.
Scan a single image:
- Ensure the image you want to scan is available locally.
  - To pull an image from a registry to the same host as your scanner, use the following command:
      docker pull <image-name>:<image-tag>
    Where <image-name>:<image-tag> is the image you want to scan.
  -or-
  - To build an image on the same host as your scanner, use the following command:
      docker build -f Dockerfile --tag <image-name>:<image-tag> .
    Where <image-name>:<image-tag> is the image you want to scan.
- In the CLI of the machine where you want to run the scanner, run the customized configuration and command for your deployment type using the following parameters:
      ./consec image \
      --pipeline-name <your-pipeline-name> \
      --pipeline-type JENKINS \
      --policy-config <tes_policy.json> \
      <image-name>:<image-tag>
  Where:
  - pipeline-name is the name that appears in the UI.
  - pipeline-type is the type of CI/CD pipeline provider. If you do not include a pipeline type, this field defaults to CUSTOM.
  - policy-config is the path to the scan policy that you created in Configure CI/CD Scan Policies. If you do not include a scan policy, then the scan will not perform policy configuration.
  Note: To scan podman images, use the --containers-storage flag.
- Press Enter.
Container Security scans the image.
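
The steps above can be wrapped in a pipeline step that stops before scanning when the image is not local or the policy file is absent, since the page notes that a scan without a scan policy does not perform policy configuration. This is an added example, not part of the product's documentation or tooling; the names CONSEC_BIN, CONTAINER_CLI and scan_image and the return codes 2-4 are assumptions of the example.

```shell
#!/bin/sh
# Added example: a guarded pipeline step around the documented `consec image` call.
# Assumed names (not from the page): CONSEC_BIN, CONTAINER_CLI, scan_image, and
# return codes 2-4. The scanner's own exit status is passed through unchanged.

CONSEC_BIN="${CONSEC_BIN:-./consec}"
CONTAINER_CLI="${CONTAINER_CLI:-docker}"

# Usage: scan_image <image-name>:<image-tag> <pipeline-name> <policy.json> [pipeline-type]
scan_image() {
    image="$1"; pipeline_name="$2"; policy="$3"
    pipeline_type="${4:-CUSTOM}"   # CUSTOM is the documented default

    # Require an explicit tag so the result maps to one known image. Only the
    # last path component is checked, so a registry port is not taken for a tag.
    case "${image##*/}" in
        *:?*) ;;
        *) echo "error: expected <image-name>:<image-tag>, got '$image'" >&2
           return 2 ;;
    esac

    # Omitting --policy-config skips the scan policy, so a missing or empty
    # policy file stops the step here instead of scanning without one.
    if [ ! -s "$policy" ]; then
        echo "error: policy file '$policy' is missing or empty" >&2
        return 3
    fi

    # The image must already be on this host (pulled or built).
    if ! "$CONTAINER_CLI" image inspect "$image" >/dev/null 2>&1; then
        echo "error: '$image' not found locally; pull or build it first" >&2
        return 4
    fi

    "$CONSEC_BIN" image \
        --pipeline-name "$pipeline_name" \
        --pipeline-type "$pipeline_type" \
        --policy-config "$policy" \
        "$image"
}

# Example call from a Jenkins stage (values are placeholders):
#   scan_image "<image-name>:<image-tag>" "<your-pipeline-name>" "<tes_policy.json>" JENKINS
```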