Security Center can detect container image vulnerabilities. This helps you detect high-risk system and application vulnerabilities to ensure the security and reliability of container images. This topic describes how to view and handle container image vulnerabilities.

Background information

Before you can view and handle container image vulnerabilities, you must enable container image scan.

Container image scan is a value-added service provided by Security Center and must be separately purchased. Only users of the Advanced,Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan. If you use this feature, you are charged based on the number of times images are scanned and the number of scanned images. The fee per scan for each image is USD 0.3.

Scan for container image vulnerabilities

Scan container images

View container image vulnerabilities

View image system vulnerabilities

Fix container image vulnerabilities

You cannot fix container image vulnerabilities with a few clicks. To fix container image vulnerabilities, you must perform operations on container images based on the detection results of image system vulnerabilities.

Note We recommend that you handle vulnerabilities in container images at the earliest opportunity based on the information provided by Security Center. The information includes fixing commands, impact descriptions, and paths to malicious files.

After you fix container image vulnerabilities, you must perform a quick scan task on the Image Security page. Then, you can view the latest status of the vulnerabilities and check whether the vulnerabilities are fixed.