Deploy an On-Premise Code Scanner
To deploy an on-premises code scanner, you must first download the deployment package for Ubuntu Linux from Tenable.cs and then deploy the package on a virtual machine.
To download the on-premise code scanner package:
-
In the left navigation bar, click Integrations.
The All Integrations page appears. -
Click On-premise code scanner.
The On-premise code scanner window appears. -
In the upper-right corner, click Download new.
The New On-premise code scanner window appears. -
In the Select deployment option section, select Ubuntu Linux.
-
Click Continue.
Tenable.cs displays the setup instructions for Ubuntu Linux.
Note: Depending on the number of enterprise repository servers, you can deploy multiple on-premise code scanners. You must have one code scanner per virtual machine instance.
- Click Download.
Tenable.cs downloads the tenable-code-scanner-docker.zip file.
-
Extract the on-premise code scanner deployment zip file.
Note: Do not alter the extracted contents.
To configure your on-premise code scanner to work with a self-signed certificate, see Configure an On-Premise Code Scanner to Use Self-Signed Certificate.
What to do next:

Before you begin:
-
You must have a virtual machine or system with the following minimum requirements:
-
A virtual machine with 4 GB RAM
-
20 GB Solid State Drive (SSD)
-
Ubuntu 18 or later
Examples of virtual machine include Amazon Elastic Compute Cloud (Amazon EC2) instance, Azure virtual machine, VMware, and so on.
-
-
Install Docker Engine. For more information, see Install Docker Engine on Ubuntu.
Tenable recommends the following installation methods:
Note: The latest version installs Compose V2, which uses the docker compose command. For more information, see Compose V2 Overview. -
(Optional) Perform the post-installation steps for Docker. For more information, see Post-installation steps for Linux.
To deploy the on-premise code scanner on a virtual machine:
-
Copy the on-premise code scanner configuration files that you extracted in Deploy an On-Premise Code Scanner.
-
In the Tenable.cs command-line interface (CLI), run the following commands:
Copycd <path_configuration_files_are_located>
chmod +x tenable-cs-code-scanner
sudo./tenable-cs-code-scannerCaution: Tenable.cs uses the docker-compose command that is supported with Compose V1. If you have Docker Compose V2, run the following command after executing the commands in Step 2 to deploy the on-premises code scanner:sudo docker compose up -d
The following is a sample output after a deployment:
-
In a browser, type the URL displayed in the output to launch the On Premise Scanner Management Console.
The On Premise Scanner Management Console page opens.
Note: If you have the IP address for the on-premise code scanner host virtual machine, you can manually launch the On Premise Code Scanner Management Console using the following URL:https://<ip-address>/<dns-name>:9020
Where:ip-address is the IP address of host virtual machine.
dns-name is the domain name of the host virtual machine.
Tenable.cs deploys the on-premise code scanner.
To configure the on-premises scanner on your repositories, see the following topics:
-
To check the status of the on-premise code scanner in Tenable.cs, navigate to Integrations > On-premise code scanner.
-
Hover over the on-premise code scanner.
-
Click the
button to view more options:
Option Description Download weekly logs Download the on-premises scanner logs for the last seven days.
Note: Enable the Allow on-premise code scanner to send logs to Tenable.cs option when configuring the on-premises scanner.Download installer Download the configuration file. Edit Modify the name of the on-premises scanner. Delete Delete the on-premises scanner. The following is a sample log from the on-premises scanner.
-