Configure Tenable Container Security Connectors to Import and Scan Images

Connectors act as links to local or third-party registries. You can use connectors to access these registries and then import image data from them to Tenable Container Security.

To import and analyze container images, you must configure a connector to a registry or, in certain cases, to the registry's own connector.

After you configure your connectors, you can view and manage your connectors from the Settings page in Tenable Vulnerability Management. For more information about connectors, see Connectors in the Tenable Vulnerability Management User Guide.

The amount of time Tenable Container Security takes to scan the images in your registry and display the results depends on the size and number of images you scan.

Note: If you use a connector to import and scan your images, Tenable Container Security may take up to several hours to display your images on the dashboard.

If your images do not appear on the dashboard within 24 hours of when you begin the import, contact Tenable Support.

Tenable Container Security Connectors

Note: Tenable Container Security does not support connector configurations for Azure Container Registries (ACR). To import images from an ACR registry, use the Tenable Container Security Scanner.

Tenable Container Security supports image imports via the following connectors.

Connector Description
Tenable Container Security Scanner

Command line operated, on-premises scanning tool that allows you to scan images without importing them into Tenable Container Security. To configure the Tenable Container Security Scanner, see Tenable Container Security Scanner.

Amazon Web Service (AWS) Elastic Container Registry (ECR)

Connector for assets hosted in an AWS Elastic Container Registry. To configure an AWS ECR connector and import assets, see Configure an AWS ECR Connector to Import Images in Tenable Container Security.

Note: To import assets from an AWS ECR, Tenable Container Security requires read-only access to your AWS account.

Docker

Connector for assets hosted in a Docker-compatible registry. To configure a connector for a Docker EE registry, see Configure a Local Connector to Import Images in Tenable Container Security.

Note: If your registry is not listed but is compatible with Docker Registry API version 2.0, select this connector. For information about Docker-compatible connectors, see the Docker Documentation.

Docker EE

Connector for assets hosted in a Docker Enterprise Edition (EE) registry. To configure a connector for a Docker EE registry, see Configure a Local Connector to Import Images in Tenable Container Security.

JFrog Artifactory

Connector for assets hosted in a JFrog Artifactory registry. To configure a connector for a JFrog Artifactory registry, see Configure a Local Connector to Import Images in Tenable Container Security.