Container Security Scanner

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

The Container Security Scanner (CS Scanner) allows you to scan container images securely without sending the images outside your organization's network. The CS Scanner takes an initial inventory, or snapshot, of the images you want to scan and sends the inventory to Tenable.io for analysis. You can then view scan data for the images alongside data for images imported normally to Tenable.io. With the CS Scanner, you can scan:

  • A specific image exported from a registry and stored locally on the machine where you install the scanner.

  • All images hosted in a specific registry (for example, a Docker registry).

You can configure and run the CS Scanner on any machine that meets the system requirements.

First, download the CS Scanner to your machine. Then, configure and run the CS Scanner. After your scan completes, you can view the scan results in the Container Security dashboard.