Tenable.io CS Scanner

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

The Tenable.io Container Security Scanner (Tenable.io CS Scanner) allows you to scan container images securely without sending the images outside your organization's network. The Tenable.io CS Scanner takes an initial inventory, or snapshot, of the images you want to scan and sends the inventory to Tenable.io for analysis. You can then view scan data for the images alongside data for images imported normally to Tenable.io. With the Tenable.io CS Scanner, you can scan:

  • A specific image exported from a registry and stored locally on the machine where you install the scanner.

  • All images hosted in a specific registry (for example, a Docker registry).

You can configure and run the Tenable.io CS Scanner on any machine that meets the system requirements.

First, download the Tenable.io CS Scanner to your machine. Then, configure and run the Tenable.io CS Scanner. After your scan completes, you can view the scan results in the Tenable.io Container Security dashboard.