Get Started with Tenable.io Container Security

Complete the following tasks in the order listed to get started with Tenable.io Container Security.

  1. Activate your account and log in to the web portal.
  2. Review the requirements described in Tenable.io Container Security Requirements.
  3. Review the user permissions assigned to each user role.
  4. Generate Access and Secret keys for the Tenable.io API.
  5. Run a Nessus scan on the network where your container images run, selecting the Basic Network Scan template and providing your network authentication credentials. For more information, see Scan and Policy Templates in the Nessus User Guide.

    Tenable.io Container Security identifies and analyzes only the images and containers found via credentialed Nessus scans.

  6. Import and scan your container images.

    The amount of time Tenable.io Container Security takes to scan the images in your registry and display the results depends on the size and number of images you scan.

    • If you want to upload a specific image to Tenable.io Container Security for scanning, download the image from your external registry and push the image to Tenable.io Container Security.
    • If you want to import all the images from a registry to Tenable.io Container Security for scanning, configure a connector to import images from a registry.

      Note: If you use a connector to import and scan your images, Tenable.io Container Security may take up to several hours to display your images on the dashboard.

      If your images do not appear on the dashboard within 24 hours of when you begin the import, contact Tenable Support.

    • If you want to scan an image directly from your organization's local registry, or from your machine, download and run the Tenable.io Container Security Scanner.
    Note: The data Tenable.io Container Security retains when you import an image depends on the import method you use.
    • Docker command or connectorTenable.io Container Security retains the image itself, as well as all metadata associated with the image (e.g., image layers, software packages on the image., etc.).
    • Tenable.io CS ScannerTenable.io Container Security retains only the metadata associated with the image.
      When you delete the image, Tenable.io Container Security removes the entire image and all image metadata.

After you complete these initial tasks, you can navigate the Tenable.io Container Security dashboard to view and manage your scan data.

Note: Tenable.io Container Security imports and rescans your images at regular intervals, beginning when you first import and scan the images.