Scan an Image via the Tenable Container Security Scanner
Required Additional License: Tenable Container Security
Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator
Run the Container Security Scanner in Image Inspect mode to scan a single image.
Before you begin:
- Download the image you want to scan to your local machine.
- Confirm your local machine meets the system requirements, as described in CS Scanner System Requirements.
- Download the Container Security Scanner, as described in Download the CS Scanner.
- Prepare your environment variable value, as described in the Environment Variables.
To run the Container Security Scanner in Image Inspect mode:
-
In the command-line interface of the machine where you want to run the scanner, run the customized configuration and command for your deployment type using the following parameters:
Note: Some of the following variables are not required to run the scanner. For information about these variables and their definitions, see Environment Variables.
Copydocker save <your image name as it appears in the repository> | docker run \
-e TENABLE_ACCESS_KEY=<variable> \
-e TENABLE_SECRET_KEY=<variable> \
-e IMPORT_REPO_NAME=<variable> \
-i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest inspect-image <Image name as you want it to appear in Tenable Vulnerability Management -
Press Enter.
The Container Security Scanner scans the image.
What to do next:
- View the results of your scan, as described in View Scan Results for Container Images.