CS Scanning Overview

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments.

Required Additional License: Tenable.io Container Security

Configure Tenable.io Container Security scans to collect data about your containers for analysis. Depending on your organization, one person may perform all of the steps, or several people may share the steps.

To configure Tenable.io Container Security scans:

  1. Import and scan your container images.

    • If you want to upload a specific image to Tenable.io Container Security for scanning, download the image from your external registry and push the image to Tenable.io Container Security.
    • If you want to import all the images from a registry to Tenable.io Container Security for scanning, configure a connector to import images from a registry.

      Note: If you use a connector to import and scan your images, Tenable.io Container Security may take up to several hours to display your images on the dashboard.

      If your images do not appear on the dashboard within 24 hours of when you begin the import, contact Tenable Support.

    • If you want to scan an image directly from your organization's local registry, or from your machine, download and run the Tenable.io CS Scanner.

    The amount of time Tenable.io Container Security takes to scan the images in your registry and display the results depends on the size and number of images you scan.

    Note: The data Tenable.io Container Security retains when you import an image depends on the import method you use.
    • Docker command or connectorTenable.io Container Security retains the image itself, as well as all metadata associated with the image (e.g., image layers, software packages on the image., etc.).
    • Tenable.io CS ScannerTenable.io Container Security retains only the metadata associated with the image.
      When you delete the image, Tenable.io Container Security removes the entire image and all image metadata.
  2. Navigate the Tenable.io Container Security dashboard to view and manage your scan data.

Note: Tenable.io Container Security imports and rescans your images at regular intervals, beginning when you first import and scan the images.