Deploy an On-Premises Code Scanner

To deploy an on-premises code scanner, you must first download the deployment package for Ubuntu Linux from Tenable Cloud Security and then deploy the package on a virtual machine.

Download the On-premises Code Scanner Package
Deploy the On-premises Code Scanner on a Virtual Machine

To download the on-premises code scanner package:

Access Tenable Cloud Security.
In the left navigation bar, click Integrations.
The All Integrations page appears.
Click On-premise code scanner.
The On-premise code scanner window appears.
In the upper-right corner, click Download new.
The New On-premise code scanner window appears.
In the Select deployment option section, select Ubuntu Linux.
Click Continue.

Tenable Cloud Security displays the setup instructions for Ubuntu Linux.

Note: Depending on the number of enterprise repository servers, you can deploy multiple on-premises code scanners. You must have one code scanner per virtual machine instance.

Click Download.
Tenable Cloud Security downloads the tenable-code-scanner-docker.zip file.
Extract the on-premises code scanner deployment zip file.

Note: Do not alter the extracted contents.

To configure your on-premises code scanner to work with a self-signed certificate, see Configure an On-Premise Code Scanner to Use Self-Signed Certificate.

What to do next:

Deploy the On-premises Code Scanner on a Virtual Machine

Before you begin:

You must have a virtual machine or system with the following minimum requirements:
- A virtual machine with 4 GB RAM
- 20 GB Solid State Drive (SSD)
- Ubuntu 18 or later
Examples of virtual machine include Amazon Elastic Compute Cloud (Amazon EC2) instance, Azure virtual machine, VMware, and so on.
Install Docker Engine. For more information, see Install Docker Engine on Ubuntu.

Tenable recommends the following installation methods:
- Install using the convenience script
- Install from a package
  
  (Optional) Perform the post-installation steps for Docker. For more information, see Post-installation steps for Linux.
Note: The latest version installs Compose V2, which uses the docker compose command. For more information, see Compose V2 Overview.
Add the Terraform versions to your firewall whitelist. To test that the on-premises scanner works for Terraform, do the following:
1. Run cURL on the Terraform version URL.
```
cURL https://releases.hashicorp.com/terraform/
```
2. Clone a repository.
3. Run the terraform init command on the repository.

To deploy the on-premises code scanner on a virtual machine:

Copy the on-premises code scanner configuration files that you extracted in Deploy an On-Premises Code Scanner.
Open a terminal on the virtual machine created for the on-premises scanner and run the following commands:
Copy
```
cd <path_configuration_files_are_located>
chmod +x tenable-cs-code-scanner
sudo./tenable-cs-code-scanner
```
Caution: Tenable Cloud Security uses the docker-compose command that is supported with Compose V1. If you have Docker Compose V2, run the following command after executing the commands in Step 2 to deploy the on-premises code scanner:
sudo docker compose up -d

The following is a sample output after a deployment:
In a browser, type the URL displayed in the output to launch the On Premise Scanner Management Console.

The On Premise Scanner Management Console page opens.
Note: If you have the IP address for the on-premises code scanner host virtual machine, you can manually launch the On Premise Code Scanner Management Console using the following URL:
https://<ip-address>/<dns-name>:9020
Where:
- ip-address is the IP address of host virtual machine.
- dns-name is the domain name of the host virtual machine.
Tenable Cloud Security deploys the on-premises code scanner.

To configure the on-premises scanner on your repositories, see the following topics:

To check the status of the on-premises code scanner in Tenable Cloud Security, navigate to Integrations > On-premise code scanner.

Hover over the on-premises code scanner.

Click the button to view more options:

Option	Description
Download weekly logs	Download the on-premises scanner logs for the last seven days. Note: Enable the Allow on-premise code scanner to send logs to Tenable Cloud Security option when configuring the on-premises scanner.
Download installer	Download the configuration file.
Edit	Modify the name of the on-premises scanner.
Delete	Delete the on-premises scanner.

The following is a sample log from the on-premises scanner.