Scan an Image via the Container Security Scanner

The following feature is not supported in Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required Additional License: Container Security

Required Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Run the CS Scanner in Image Inspect mode to scan a single image.

Before you begin:

To run the CS Scanner in Image Inspect mode:

  1. In the command-line interface of the machine where you want to run the scanner, run the customized configuration and command for your deployment type using the following parameters:

    Note: Some of the following variables are not required to run the scanner. For information about these variables and their definitions, see Environment Variables.

    docker save <your image name as it appears in the repository> | docker run \
    -e TENABLE_ACCESS_KEY=<variable> \
    -e TENABLE_SECRET_KEY=<variable> \
    -e IMPORT_REPO_NAME=<variable> \
    -i inspect-image <Image name as you want it to appear in>
  2. Press Enter.

    The CS Scanner scans the image.

What to do next: