Scan an Image via the Tenable.io CS Scanner
Required User Role: Scan Operator, Standard, Scan Manager, or Administrator
Run the Tenable.io CS Scanner in Image Inspect mode to scan a single image.
Before you begin:
- Download the image you want to scan to your local machine.
- Confirm your local machine meets the system requirements, as described in CS Scanner System Requirements.
- Download the Tenable.io CS Scanner, as described in Download the CS Scanner.
- Prepare your environment variable value, as described in the Environment Variables.
To run the Tenable.io CS Scanner in Image Inspect mode:
In the CLI of the machine where you want to run the scanner, type the customized configuration and command for your deployment type using the parameters defined below.
Note: Some of the following variables are not required to run the scanner. For information about these variables and their definitions, see Environment Variables.
docker save<your image name as it appears in the repository>
| docker run \ -e TENABLE_ACCESS_KEY=<variable>
\ -e TENABLE_SECRET_KEY=<variable>
\ -e IMPORT_REPO_NAME=<variable>
-i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest inspect-image<Image name as you want it to appear in Tenable.io>
The Tenable.io CS Scanner scans the image.
What to do next:
- View the results of your scan, as described in View Scan Results for Container Images.