Deploy an On-Premise Code Scanner

To deploy an on-premises code scanner, you must first download the deployment package for Ubuntu Linux from Tenable.cs and then deploy the package on a virtual machine.

Download the on-premise code scanner package
Deploy the On-Premise Code Scanner on a Virtual Machine

To download the on-premise code scanner package:

Access Tenable.cs.
In the left navigation bar, click Integrations.
The All Integrations page appears.
Click On-premise code scanner.
The On-premise code scanner window appears.
In the upper-right corner, click Download new.
The New On-premise code scanner window appears.
In the Select deployment option section, select Ubuntu Linux.
Click Continue.

Tenable.cs displays the setup instructions for Ubuntu Linux.

Note: Depending on the number of enterprise repository servers, you can deploy multiple on-premise code scanners. You must have one code scanner per virtual machine instance.

Click Download.
Tenable.cs downloads the tenable-code-scanner-docker.zip file.
Extract the on-premise code scanner deployment zip file.

Note: Do not alter the extracted contents.

To configure your on-premise code scanner to work with a self-signed certificate, see Configure an On-Premise Code Scanner to Use Self-Signed Certificate.

What to do next:

Deploy the On-Premise Code Scanner on a Virtual Machine

Before you begin:

You must have a virtual machine or system with the following minimum requirements:
- A virtual machine with 4 GB RAM
- 20 GB Solid State Drive (SSD)
- Ubuntu 18 or later
Examples of virtual machine include Amazon Elastic Compute Cloud (Amazon EC2) instance, Azure virtual machine, VMware, and so on.
Install Docker Engine. For more information, see Install Docker Engine on Ubuntu.

Tenable recommends the following installation methods:
- Install using the convenience script
- Install from a package
Note: The latest version installs Compose V2, which uses the docker compose command. For more information, see Compose V2 Overview.
(Optional) Perform the post-installation steps for Docker. For more information, see Post-installation steps for Linux.

To deploy the on-premise code scanner on a virtual machine:

Copy the on-premise code scanner configuration files that you extracted in Deploy an On-Premise Code Scanner.
In the Tenable.cs command-line interface (CLI), run the following commands:
Copy
```
cd <path_configuration_files_are_located>
chmod +x tenable-cs-code-scanner
sudo./tenable-cs-code-scanner
```
Caution: Tenable.cs uses the docker-compose command that is supported with Compose V1. If you have Docker Compose V2, run the following command after executing the commands in Step 2 to deploy the on-premises code scanner:
sudo docker compose up -d

The following is a sample output after a deployment:
In a browser, type the URL displayed in the output to launch the On Premise Scanner Management Console.

The On Premise Scanner Management Console page opens.
Note: If you have the IP address for the on-premise code scanner host virtual machine, you can manually launch the On Premise Code Scanner Management Console using the following URL:
https://<ip-address>/<dns-name>:9020
Where:
- ip-address is the IP address of host virtual machine.
- dns-name is the domain name of the host virtual machine.
Tenable.cs deploys the on-premise code scanner.

To configure the on-premises scanner on your repositories, see the following topics:

To check the status of the on-premise code scanner in Tenable.cs, navigate to Integrations > On-premise code scanner.

Hover over the on-premise code scanner.

Click the button to view more options:

Option	Description
Download weekly logs	Download the on-premises scanner logs for the last seven days. Note: Enable the Allow on-premise code scanner to send logs to Tenable.cs option when configuring the on-premises scanner.
Download installer	Download the configuration file.
Edit	Modify the name of the on-premises scanner.
Delete	Delete the on-premises scanner.

The following is a sample log from the on-premises scanner.