Tenable Container Security Scanner

The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

The Tenable Container Security Scanner (Container Security Scanner) allows you to scan container images securely without sending the images outside your organization's network. The Container Security Scanner takes an initial inventory, or snapshot, of the images you want to scan and sends the inventory to Tenable Vulnerability Management for analysis. You can then view scan data for the images alongside data for images imported normally to Tenable Vulnerability Management. With the Container Security Scanner, you can scan:

• A specific image exported from a registry and stored locally on the machine where you install the scanner.

• All images hosted in a specific registry (for example, a Docker registry).

You can configure and run the Container Security Scanner on any machine that meets the system requirements.

First, download the Container Security Scanner to your machine. Then, configure and run the Container Security Scanner. After your scan completes, you can view the scan results in the Tenable Container Security dashboard.