Tenable Container Security Scanner System Requirements

The machine where you want to run the Tenable Container Security Scanner must meet the following requirements.

Software and Hardware Requirements

Deployment Type Software Requirements RAM Temporary Storage CPU
Local

Able to run Linux containers

2 GB   15 GB   64-bit multi-core, x86 compatible

Internet

The machine where you want to run the Container Security Scanner must have access to the Internet when you download and run the scanner. The machine must allow outbound HTTPS traffic for communications with the cloud.tenable.com server.

SSL Certificate Requirements

If the registry that hosts your images requires the HTTPS protocol, you must have an SSL certificate signed by a trusted Certificate Authority (CA) installed on the registry. Refer to your registry's documentation for installing an SSL certificate.

Note: Mozilla's CA Certificate Store is the Tenable Container Security Scanner's trusted certificate authority.

Note: If you want the Container Security Scanner to scan the registry without verifying that a trusted CA signed the certificate, you must include the ALLOW_INSECURE_SSL_REGISTRY variable when you run the scanner. For more information, see Environment Variables.

Supported Container Image Formats

The Container Security Scanner supports the following image formats:

  • Docker images
  • Open Containers Initiative (OCI) images