Add a Web Application Scanner

Required Tenable Security Center User Role: Administrator

Before you begin

Add a Sensor Proxy.

To add a Tenable Web App Scanning instance to Tenable Security Center:

Log in to Tenable Security Center via the user interface.
In the left navigation, click Resources > Web Application Scanners.

The Web Application Scanners page appears.
At the top of the table, click Add.

The Add Web Application Scanner panel appears.
Configure the Web Application Scanner.
1. In the Linking Key section, click Copy to copy the linking key to your clipboard.
2. Configure the Web Application Scanner, as described in Web App Scans.
3. Start the Docker container using the following command, where:
  - <scanner_name> is a unique name for the scanner.
  - <SP_URL> is the Sensor Proxy URL.
  - <linking_key> is the linking key you copied in step 4a.
  Copy
```
docker run -d -e WAS_SCANNER_NAME=<scanner_name> -e WAS_PLATFORM_URL=<SP_URL> -e WAS_LINKING_KEY=<linking_key> tenable/was-scanner:latest
```
  Additional Docker variables
  The following are some helpful variables you can set in your Docker container.
  - Copy
    -e SCANNER_MEM_REQUEST=<docker_memory>
    
    Where <docker_memory> is the amount of memory the Docker container can use (for example, 5G or 256M).
  - Copy
    -e WAS_LOG_TO_STDOUT=true -e WAS_LOG_LEVEL=debug
    
    These variables produce more detailed logs when you run a web app scan.
The scanner appears in the Web Application Scanners table.

What to do next:

Before you use a Web Application Scanner, add the scanner to a Scan Zones.

Copyright © 2025 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.