Container Registry can scan all Linux-based container images for known vulnerabilities. Container Registry provides you with vulnerability evaluation information and related fix suggestions.

Background information

The time that is taken to scan an image varies with the image size. Generally, it takes fewer than 3 minutes to scan an image.

Procedure

  1. Log on to the Container Registry console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Instances.
  4. On the Instances page, click the default instance.
  5. In the left-side navigation pane, click Tags. Find the image that you want to scan and click Security Scan in the Actions column.
  6. On the Security Scan page, click Trigger Scan.

Result

After the security scan is complete, you can view the details of the vulnerabilities that are detected.

Container Registry categorizes vulnerabilities by four severity levels: High, Medium, Low, and Unknown and provides summary information about all vulnerabilities that are detected. In addition, Container Registry displays the details of each vulnerability, including the version in which the vulnerability has been fixed.