Deploy Nessus as a Docker Image

You can deploy a managed Nessus scanner or an instance of Nessus Professional as a Docker image to run on a container. The base image is a Oracle Linux 8 instance of Nessus. You can configure the Nessus instance with environment variables to configure the image with the settings you configure automatically.

Tenable does not recommend deploying Nessus in a Docker container that shares a network interface controller (NIC) with another Docker container.

Before you begin:

To deploy Nessus as a docker image:

  1. In your terminal, use the docker pull command to get the image.

    $ docker pull tenableofficial/nessus:<version>

  2. Use the docker run command to run your image.

    • Use the operators with the appropriate options for your deployment, as described in Operators.

    • To preconfigure Nessus, use the -e operator to set environment variables, as described in Environment Variables.

      Note: Tenable recommends you use environment variables to configure your instance of Nessus when you run the image. If you do not include environment variables such as an activation code, username, password, or linking key (if creating a managed Nessus scanner), you must configure those items later.

  3. If you did not include environment variables, complete any remaining configuration steps in the command-line interface or Nessus configuration wizard.

What to do next:

Operators

Operator Description
--name Sets the name of the container in Docker.
-d Starts a container in detached mode.
-p

Publishes to the specified port in the format host port:container port. By default, the port is 8834:8834.

If you have several Nessus containers running, use a different host port. The container port must be 8834 because Nessus listens on port 8834.
-e

Precedes an environment variable.

For descriptions of environment variables you can set to configure settings in your Nessus instance, see Environment Variables.

Environment Variables

The required and optional environment variables differ based on your Nessus license and whether you are linking to Tenable.io.

  • Variable Required? Description
    USERNAME Yes

    Creates the administrator user.
    PASSWORD Yes Creates the password for the user.
    Linking Options
    LINKING_KEY Yes The linking key from the manager.
    NAME No The name of the Nessus scanner to appear in the manager. By default, the name is the container ID.
    MANAGER_HOST No The hostname or IP address of the manager. By default, the hostname is cloud.tenable.com.
    MANAGER_PORT No

    The port of the manager. By default, the port is 443.
    Proxy Options
    PROXY No The hostname or IP address of the proxy server.
    PROXY_PORT No The port number of the proxy server.
    PROXY_USER No The name of a user account that has permissions to access and use the proxy server.
    PROXY_PASS No The password of the user account that you specified as the proxy user.
    Nessus Settings
    AUTO_UPDATE No

    Sets whether Nessus should automatically receive updates.

    Valid values are as follows:

    • all — (Default) Automatically update plugins and Nessus software.

    • plugins — Only update plugins.

    • no — Do not automatically update software or plugins.

    Example: Managed Nessus scanner linked to Tenable.io

    docker run --name "nessus-managed" -d -p 8834:8834 -e LINKING_KEY=<Tenable.io linking key> -e USERNAME=admin -e PASSWORD=admin -e MANAGER_HOST=cloud.tenable.com -e MANAGER_PORT=443 tenableofficial/nessus:<version>

  • Variable Required? Description
    ACTIVATION_CODE Yes The activation code to register Nessus.
    USERNAME Yes

    Creates the administrator user.
    PASSWORD Yes Creates the password for the user.

    Example: Nessus Professional

    docker run --name "nessus-pro" -d -p 8834:8834 -e ACTIVATION_CODE=<activation code> -e USERNAME=admin -e PASSWORD=admin tenableofficial/nessus:<version>

  • Variable Required? Description
    USERNAME No

    Creates the administrator user.
    PASSWORD No Creates the password for the user.