Configure Container Security Connectors to Import and Scan Images
The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
Connectors act as links to local or third-party registries. You can use connectors to access these registries and then import image data from them to Container Security.
To import and analyze container images, you must configure a connector to a registry or, in certain cases, to the registry's own connector.
After you configure your connectors, you can view and manage your connectors from the Settings page in Tenable.io. For more information about connectors, see Connectors in the Tenable.io Vulnerability Management User Guide.
The amount of time Tenable.io Container Security takes to scan the images in your registry and display the results depends on the size and number of images you scan.
Note: If you use a connector to import and scan your images, Tenable.io Container Security may take up to several hours to display your images on the dashboard.
If your images do not appear on the dashboard within 24 hours of when you begin the import, contact Tenable Support.
Tenable.io Container Security Connectors
Note: Container Security does not support connector configurations for Azure Container Registries (ACR). To import images from an ACR registry, use the Container Security Scanner.
Tenable.io Container Security supports image imports via the following connectors.
| Connector | Description |
|---|---|
| Container Security Scanner |
Command line operated, on-premises scanning tool that allows you to scan images without importing them into Tenable.io Container Security. To configure the Container Security Scanner, see Container Security Scanner. |
| Amazon Web Service (AWS) Elastic Container Registry (ECR) |
Connector for assets hosted in an AWS Elastic Container Registry. To configure an AWS ECR connector and import assets, see Configure an AWS ECR Connector to Import Images in Container Security. Note: To import assets from an AWS ECR, Tenable.io Container Security requires read-only access to your AWS account. |
| Docker |
Connector for assets hosted in a Docker-compatible registry. To configure a connector for a Docker EE registry, see Configure a Local Connector to Import Images in Container Security. Note: If your registry is not listed but is compatible with Docker Registry API version 2.0, select this connector. For information about Docker-compatible connectors, see the Docker Documentation. |
| Docker EE |
Connector for assets hosted in a Docker Enterprise Edition (EE) registry. To configure a connector for a Docker EE registry, see Configure a Local Connector to Import Images in Container Security. |
| JFrog Artifactory |
Connector for assets hosted in a JFrog Artifactory registry. To configure a connector for a JFrog Artifactory registry, see Configure a Local Connector to Import Images in Container Security. |