Secure Every Step
From Code to Cloud
Tenable.cs is a Cloud-Native Application Protection Platform (CNAPP) that enables your security team to extend vulnerability management to cloud workloads by defining policies as code that your team can apply at build-time and runtime.
Tenable.cs closes the divide between traditional security operations and cloud development teams by building upon Terrascan, one of the most popular open-source infrastructure as code (IaC) cloud security testing tools in the market.
With Tenable.cs, you can reduce the number of runtime threats for remediation by shifting-left and addressing security weaknesses as part of the dev process.
Try for Free Watch DemoCLOUD SECURITY AS CODE
Policy as Code
Continuous Assessment
Capture security policy as code, (e.g. CIS benchmark), continuously detect violations across IaC at build-time and enforce security policies early, before deployment (CI/CD)
GOVERNANCE as Code
Automated Governance
Capture security governance decisions (e.g. exception) within IaC and leverage code repositories for governance workflow and audit
DRIFT as Code
Continuous Detection
Continuously detect infrastructure changes in runtime, and report policy violations as IaC
SECURITY as Code
Advanced Security
Understand application vulnerabilities and prioritize risk resolution by identifying potential breach paths and assessing blast radius
REMEDIATION as Code
Automated Remediation
Automatically generate the IaC code to fix vulnerabilities and exposures. Push security fixes as IaC directly to developers through pull-requests (GitOps)
Complete Cloud Visibility: Continuously discover and assess cloud assets without the need to install agents, configure a scan or manage credentials. Gain visibility into the secure posture of your container images. Detect security issues quickly as new vulnerabilities are disclosed and as your cloud environment changes with instances spinning up and down.
“As organizations embrace immutable infrastructure, manual changes to production cloud deployments will become untenable. The approach of governing infrastructure as code, and subsequently reconciling any posture drift between cloud deployments and code, will enable immutable security for immutable infrastructure”
Krishna Bhagavathula, CTO, NBA
Security from build-time to run-time
Identify flaws in Infrastructure as Code by integrating into the IDE and pipeline.
Assess Infrastructure as Code on commit or merge requests.
Integrate into the CI/CD pipeline to identify flaws in containers and third-party libraries before deployment.
Continuously scan and assess Kubernetes and your cloud infrastructure to identify drift.
Identify flaws in running containers and compute instances without the need to deploy scanners or install agents.
Merge critical ad hoc changes and required remediation steps back into build.
DEVELOPER-FOCUSED FEATURES
- Integrate Tenable.cs into your IDE for a continuous security syntax check of your Infrastructure as Code.
- Automatically create Infrastructure as Code snippets from running cloud configurations.
- Save effort by always being on the right side of defined security policies with every commit.
- Integrate the assessment and findings into tools you know and trust, including Github, Gitlab, Jenkins, Slack, Bitbucket and many more.
- Tenable.cs is built upon Terrascan, an open-source IaC security testing tool that is freely available to developers.
INTEGRATE SECURITY INTO EVERY STEP
Full stack cloud-native security, defined through code and deployed in the cloud.
