Configure a Local Connector to Import Images in Tenable Container Security

The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required Additional License: Tenable Container Security

Required User Role: Administrator

To import and analyze images hosted in a local registry, you must configure your registry's connector. Tenable Container Security then imports the images from your registry and scans the images for vulnerabilities.

The amount of time Tenable Container Security takes to scan the images in your registry and display the results depends on the size and number of images you scan.

Note: If you use a connector to import and scan your images, Tenable Container Security may take up to several hours to display your images on the dashboard.

If your images do not appear on the dashboard within 24 hours of when you begin the import, contact Tenable Support.

Before you begin:

Activate your account and log in to the web portal, as described in Log in to Tenable Container Security via the Docker CLI.
Confirm the images you want to import are stored in your organization's container registry.

To configure a connector to a local container registry:

In the Connectors section of the Container Security dashboard, click Create.

Tenable Vulnerability Management opens the Cloud Connectors page, and the Cloud Connectors plane appears.
In the Container Security section, click the type of container registry you want to use and type a Connector Name. Alternatively, type the name of the registry in the search box.

Note: If you want to connect to a registry that is not listed, contact Tenable Support and let them know that you want your container registry to be officially supported. If your registry is not listed but is Docker-compatible, select Docker. For information about Docker-compatible connectors, see the Docker Documentation.
In the URL box, type your registry's URL.
In the Port box, type your registry's port ID.
In the Username box, type the registry username.
In the Password box, type the registry password.
Use the Schedule Import toggle to enable or disable scheduled imports.

Note: By default, Tenable Container Security requests new and updated asset records every 12 hours.

If enabled, in the Import drop-down box, select Day or Week as the frequency with which Tenable Container Security sends data requests to the registry.
Do one of the following:
- To save the connector, click Save.
  
  Note: If you click Save, Tenable Container Security saves your configured connector but does not import your assets. To launch a manual import for the connector, see Launch a Connector Import Manually in the Tenable Vulnerability Management User Guide.
- To save the connector and import your assets from the registry, click Save & Import.
  
  Note: When you import container images to scan, Tenable Container Security may abort the scan if the scan has been running for 60 minutes. If this happen, Scan Failed appears on the Images page in the Vulnerabilities and Malware columns for the aborted images.
  
  If Tenable Container Security aborts your scan, try simplifying your images before you import them, as described in the Docker Documentation. Alternatively, you can use the Tenable Container Security Scanner to scan your images without importing them to Tenable Container Security.
  
  If Tenable Container Security still aborts your scan, contact Tenable Support.
(Optional) Click Back to configure another connector.

What to do next:

View the results of your scan, as described in View Scan Results for Container Images.