Tenable.sc
Tenable.sc (formerly SecurityCenter) is an on-premises vulnerability management platform. In Invicti ASPM, the integration connects to your self-hosted Tenable.sc instance to import vulnerability scan results into your projects.
Prerequisites
| Field | Description |
|---|---|
| Access Key | Tenable.sc API access key |
| Secret Key | Tenable.sc API secret key paired with the Access Key |
| URL | The base URL of your Tenable.sc instance (e.g., https://tenablesc.example.com) |
How to Get API Keys (on Tenable.sc Side)
- Log in to the Tenable.sc web interface.
- Navigate to System > Users.
- Select the user account you want to use for the integration.
- Under the API Keys section, click Generate.
- Copy the Access Key and Secret Key immediately — the secret key is shown only once.
Note: Refer to the Token Instructions link displayed in the Invicti ASPM settings panel for additional guidance on generating Tenable.sc API credentials.
Step 1: Navigate to Integrations
From the left sidebar menu, click on Integrations.
Step 2: Select the Infra Tab
On the Integrations > Scanners page, click on the Infra tab.
Step 3: Find and Activate Tenable.sc
Scroll through the list of Infra scanners to find Tenable.sc.
- If Tenable.sc is not activated, click the Activate button to enable the integration.
Step 4: Configure Connection Settings
Click the gear icon on the Tenable.sc card to open the settings panel. Fill in the required fields:
| Field | Description | Required |
|---|---|---|
| Instance | Select Default or a previously saved instance; choose "Add New Instance" to configure a new Tenable.sc server | No |
| Instance Name | A label for this instance (shown when adding a new instance) | Yes (if new instance) |
| Access Key | Tenable.sc API Access Key | Yes |
| Secret Key | Tenable.sc API Secret Key | Yes |
| URL | Base URL of your Tenable.sc instance | Yes |
| Insecure | Skip TLS certificate verification (use only for self-signed certificates) | No |
Step 5: Test the Connection
Click Test Connection. A green Connection successful message confirms that Invicti ASPM can authenticate with the Tenable.sc API.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the Infra tab |
| 3 | Activate Tenable.sc |
| 4 | Enter Access Key, Secret Key, and URL |
| 5 | Test the connection |
How to Create a Scan
Navigate to Project Scanners
- Open a project in Invicti ASPM.
- Go to Settings > Scanners.
- Click Add Scanner.
Add Tenable.sc Scanner
- Select Infra as the scanner type.
- Choose Tenable.sc from the scanner list.
- Click Add to open the scan configuration drawer.
Scan Configuration Fields
| Field | Description | Required |
|---|---|---|
| Profile Name | A name to identify this scan configuration | Yes |
| Instance | Select Default or a specific named Tenable.sc instance | No |
| Bind to | Select the Tenable.sc scan to bind to | Yes |
| Meta Data | Additional metadata to tag the scan | Yes |
| Scan Tag | Free-text tag to identify or group scans | No |
| Start Scan | Toggle to trigger the Tenable.sc scan on the next run | No |
Scheduler
Enable the Scheduler toggle to automatically run Tenable.sc scans on a recurring schedule.
Webhook (Optional)
Add a webhook URL to receive scan completion notifications.
KDT Command
kdt scan -p <project_name> -t tenablesc -b -Troubleshooting
Connection Fails
| Issue | Resolution |
|---|---|
| Invalid Access Key or Secret Key | Verify the API keys in the Tenable.sc console under System > Users. Regenerate if needed. |
| URL unreachable | Confirm the Tenable.sc instance URL is reachable from the Invicti ASPM server. Check firewall rules. |
| TLS certificate error | If using a self-signed certificate, enable the Insecure option in the connection settings. |
| Secret not available | The secret key is shown only at creation — generate a new key pair if the original was not saved. |
Scan Issues
| Issue | Resolution |
|---|---|
| No scans available in Bind to dropdown | Ensure at least one scan repository exists in Tenable.sc and the API key has access to it. |
| Scan shows no findings | The selected Tenable.sc scan may have no active vulnerabilities. Check the Tenable.sc console. |
| Instance not connecting | Verify the URL and credentials for the specific instance match what is configured in Tenable.sc. |
Best Practices
- Use a dedicated API key for Invicti ASPM with the minimum required permissions rather than reusing credentials shared with other tools.
- Use named instances to manage multiple Tenable.sc servers (e.g., separate instances for different network zones).
- Rotate API keys periodically and update the integration settings in Invicti ASPM accordingly.
- Enable Insecure only in isolated, trusted environments — for production deployments, use a valid TLS certificate.
Limitations
- Tenable.sc in Invicti ASPM operates on-premises and requires network connectivity from the Invicti ASPM server to the Tenable.sc host.
- Only scans accessible via the provided API key are available for selection.
- Tenable.sc is an on-premises platform — cloud-only Tenable features are not available through this integration.
Updated about 3 hours ago