Deploy Nessus as a Docker Image

You can deploy a managed Nessus scanner or an instance of Nessus Professional as a Docker image to run on a container. The base image is a CentOS 8 instance of Nessus. You can configure the Nessus instance with environment variables to automatically configure the image with the settings you configure.

Tenable does not recommend deploying Nessus in a Docker container that shares a network interface controller (NIC) with another Docker container.

Before you begin:

To deploy Nessus as a docker image:

  1. In your terminal, use the docker pull command to get the image.

    $ docker pull tenableofficial/nessus

  2. Use the docker run command to run your image.
    • Use the operators with the appropriate options for your deployment, as described in Operators.

    • To preconfigure Nessus, use the -e operator to set environment variables, as described in Environmental Variables.

      Note: Tenable recommends you use environment variables to configure your instance of Nessus when you run the image. If you do not include environment variables such as an activation code, username, password, or linking key (if creating a managed Nessus scanner), you must configure those items later.

      $ docker run --name "container name" -d -p 8834:8834 -e ACTIVATION_CODE=<activation code> -e USERNAME=<username> -e PASSWORD=<password> tenableofficial/nessus

  3. If you did not include environment variables, complete any remaining configuration steps in the command line interface or Nessus configuration wizard.

What to do next:

Operators

Operator Description
--name Sets the name of the container in Docker.
-d Starts a container in detached mode.
-p

Publishes to the specified port in the format host port:container port. By default, the port is 8834:8834.

If you have several Nessus containers running, use a different host port. The container port must be 8834 because Nessus listens on port 8834.

-e

Precedes an environment variable.

For descriptions of environment variables you can set to configure settings in your Nessus instance, see Environmental Variables.

Environment Variables

Variable Required? Description
Initial Configuration Options
ACTIVATION_CODE Recommended The activation code to register Nessus. This determines whether the instance is a Nessus scanner or Nessus Professional.
USERNAME Recommended

Creates the administrator user.

PASSWORD Recommended Creates the password for the user.
Linking Options
LINKING_KEY Yes if linking to manager The linking key from the manager.
NAME No The name of the Nessus scanner to appear in the manager. By default, the name is the container ID.
MANAGER_HOST Yes if linking to manager The hostname or IP address of the manager.
MANAGER_PORT Yes if linking to manager

The port of the manager. By default, the port is 8834.

For Nessus Manager, use 8834.

For Tenable.io, use 443.

Proxy Options
PROXY No The hostname or IP address of the proxy server.
PROXY_PORT No The port number of the proxy server.
PROXY_USER No The name of a user account that has permissions to access and use the proxy server.
PROXY_PASS No The password of the user account that you specified as the proxy user.
Nessus Settings
AUTO_UPDATE No

Sets whether Nessus should automatically receive updates.

Valid values are as follows:

  • all — (Default) Automatically update plugins and Nessus software.

  • plugins — Only update plugins.

  • no — Do not automatically update software or plugins.

Usage Examples

Nessus Professional

docker run --name "nessus-pro" -d -p 8834:8834 -e ACTIVATION_CODE=<activation code> -e USERNAME=admin -e PASSWORD=admin tenableofficial/nessus

Managed Nessus scanner linked to Tenable.io

docker run --name "nessus-managed" -d -p 8834:8834 -e LINKING_KEY=<Tenable.io linking key> -e USERNAME=admin -e PASSWORD=admin -e MANAGER_HOST=cloud.tenable.com -e MANAGER_PORT=443 tenableofficial/nessus