Tenable Container Security Scanner System Requirements
The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
The machine where you want to run the Tenable Container Security Scanner must meet the following requirements.
Software and Hardware Requirements
| Deployment Type | Software Requirements | RAM | Temporary Storage | CPU |
|---|---|---|---|---|
| Local |
Able to run Linux containers |
2 GB | 15 GB | 64-bit multi-core, x86 compatible |
Internet
The machine where you want to run the Container Security Scanner must have access to the Internet when you download and run the scanner. The machine must allow outbound HTTPS traffic for communications with the cloud.tenable.com server.
SSL Certificate Requirements
If the registry that hosts your images requires the HTTPS protocol, you must have an SSL certificate signed by a trusted Certificate Authority (CA) installed on the registry. Refer to your registry's documentation for installing an SSL certificate.
Note: Mozilla's CA Certificate Store is the Tenable Container Security Scanner's trusted certificate authority.
Note: If you want the Container Security Scanner to scan the registry without verifying that a trusted CA signed the certificate, you must include the ALLOW_INSECURE_SSL_REGISTRY variable when you run the scanner. For more information, see Environment Variables.
Supported Container Image Formats
The Container Security Scanner supports the following image formats:
- Docker images
- Open Containers Initiative (OCI) images