Recently Viewed Topics
Scan a Registry via the Tenable.io CS Scanner
Required User Role: Scan Operator, Standard, Scan Manager, or Administrator
Run the Tenable.io CS Scanner in Registry Import mode to scan all images in a registry.
Before you begin:
- Confirm your machine meetings the system requirements described in Tenable.io CS Scanner System Requirements.
- Download the Tenable.io CS Scanner, as described in Download the CS Scanner.
- Prepare your environment variable values, as described in the Environment Variables.
- (Optional) To scan images hosted in an Amazon Web Services (AWS) Elastic Container Registry (ECR), an Azure registry, or a Google Container Registry (GCR), prepare your registry as described in Prepare your Registry.
To run the Tenable.io CS Scanner in Registry Import mode:
In the CLI of the machine where you want to run the scanner, type the customized configuration and command for your deployment type using the parameters defined below.
Note: Some of the following variables not required to run the scanner. For information about these variables and their definitions, see Environment Variables.
docker run \ -e TENABLE_ACCESS_KEY=<variable> \ -e TENABLE_SECRET_KEY=<variable> \ -e IMPORT_REPO_NAME=<variable> \ -e REGISTRY_URI=<variable> \ -e REGISTRY_USERNAME=<variable> \ -e REGISTRY_PASSWORD=<variable> \ -e IMPORT_INTERVAL_MINUTES=<variable> \ -i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest import-registry
The Tenable.io CS Scanner scans all images in the registry.
What to do next:
- View the results of your scan, as described in View Scan Results for Container Images.