Scan a Registry via the Container Security Scanner

The following feature is not supported in Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required Additional License: Container Security

Required Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Run the CS Scanner in Registry Import mode to scan all images in a registry.

Before you begin:

To run the CS Scanner in Registry Import mode:

  1. In the command-line interface of the machine where you want to run the scanner, run the customized configuration and command for your deployment type using the following parameters:

    Note: Some of the following variables are not required to run the scanner. For information about these variables and their definitions, see Environment Variables.

    docker run \ 
    -e TENABLE_ACCESS_KEY=<variable> \ 
    -e TENABLE_SECRET_KEY=<variable> \ 
    -e IMPORT_REPO_NAME=<variable> \ 
    -e REGISTRY_URI=<variable> \ 
    -e REGISTRY_USERNAME=<variable> \ 
    -e REGISTRY_PASSWORD=<variable> \  
    -e IMPORT_INTERVAL_MINUTES=<variable> \ 
    -i import-registry    
  2. Press Enter.

    The CS Scanner scans all images in the registry.

What to do next: