Push a Container Image to Tenable Container Security

The following feature is not supported in Tenable Vulnerability Management Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required Additional License: Tenable Container Security

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Use Docker commands to download the image from the external registry where it resides and import it to Tenable Container Security.

The amount of time Tenable Container Security takes to scan the images in your registry and display the results depends on the size and number of images you scan.

Before you begin:

• Log in to Tenable Vulnerability Management Container Security via the Docker command.

To push container image to Tenable Container Security:

1. In the CLI, run the following command to download the image from an external registry:

   Copy

   docker pull alpine:latest

2. In the CLI, run the following command to add the registry.cloud.tenable.com tag.
   Copy

   docker tag alpine:latest registry.cloud.tenable.com/alpine:latest

   Note: The registry.cloud.tenable.com tag prompts Docker to push the image to Tenable Container Security. If you do not add the registry.cloud.tenable.com tag, Docker automatically pushes the image to the Docker central repository.

3. In the CLI, run the following command to push the tagged image to Tenable Container Security.

   Copy

   docker push registry.cloud.tenable.com/alpine:latest

   Docker pushes the image to Tenable Container Security. Tenable Container Security scans the images for vulnerabilities.

   Note: When you import container images to scan, Tenable Container Security may abort the scan if the scan has been running for 60 minutes. If this happen, Scan Failed appears on the Images page in the Vulnerabilities and Malware columns for the aborted images.

   If Tenable Container Security aborts your scan, try simplifying your images before you import them, as described in the Docker Documentation. Alternatively, you can use the Tenable Container Security Scanner to scan your images without importing them to Tenable Container Security.

   If Tenable Container Security still aborts your scan, contact Tenable Support.

What to do next:

• View the results of your scan, as described in View Scan Results for Container Images.