Security Center provides the container image scan feature to detect image system vulnerabilities, image application vulnerabilities, and malicious image samples. This allows you to view risks and reinforces the security of your container assets. This topic describes how to view the image system vulnerabilities, image application vulnerabilities, and malicious image samples in your assets.

Prerequisites

Container image scans are performed. For more information, see Scan container images.

Background information

The container image scan feature can detect vulnerabilities and malicious samples. For more information, see the following sections:
Note You can use the image security scan feature to detect only image system vulnerabilities, image application vulnerabilities, and malicious image samples. This feature cannot be used to fix the detected vulnerabilities. We recommend that you handle vulnerabilities in containers at the earliest opportunity based on the information provided by Security Center. The information includes fixing commands, impact descriptions, and paths to malicious files.

View image system vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Image Security.
  3. On the Image System Vul tab, view the detected image system vulnerabilities.
    You can perform the following operations:
    • View vulnerabilities

      View the vulnerability names, vulnerability characteristics, number of affected images, and last scan time.

    • View vulnerability priorities
      The priorities of vulnerabilities are displayed in different colors in the Affected Assets column. The number in each row of this column indicates the total number of the assets affected by a vulnerability. The following list describes the relationship between colors and priorities:
      • Red: High
      • Orange: Medium
      • Gray: Low
      Note We recommend that you fix vulnerabilities with the High priority at the earliest opportunity.
    • Filter vulnerabilities

      On the Image System Vul tab, filter vulnerabilities by vulnerability priority, instance ID, repository name, namespace, digest, or vulnerability name. A vulnerability priority can be high, medium, or low.

      Note You can search for vulnerabilities by repository or vulnerability name. Fuzzy match is supported.
    • View vulnerability details
      Find the vulnerability that you want to view and click View in the Operation column. On the page that appears, perform the following operations based on your requirements:
      • View details of the Alibaba Cloud vulnerability library
        Click the CVE ID to go to the Alibaba Cloud vulnerability library.

        On the page that appears, view details about the vulnerability, including the vulnerability description, basic information, and solution.

      • View fixing commands and impact descriptions
        Click Details to view the fixing commands and impact descriptions.
        • Fix Command: the fixing command.
        • Impact description:
          • Software: the image version.
          • Cause: the reason why the image is exposed to this vulnerability. In most cases, the reason is that the current version is outdated.
          • Path: the path of the image on the server.
          • Image Layer: the image layer on which the vulnerability is detected.
        • Caution: important notes, prevention tips, and references for the vulnerability.
        Note Security Center does not support quick fixes of image system vulnerabilities. You can manually locate and fix the vulnerabilities based on the fixing commands and impact descriptions. After you fix an image system vulnerability, click Scan Now on the Image Security page to update the vulnerability status on the Image System Vul tab.

View image application vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Image Security.
  3. On the Image Security page, click the Image Application Vul tab.
  4. On the Image Application Vul tab, view the detected image application vulnerabilities.
    You can perform the following operations:
    • View vulnerability announcements

      You can view vulnerability names, vulnerability characteristics, number of affected images, and last scan time.

    • View vulnerability priorities
      The priorities of vulnerabilities are displayed in different colors in the Affected Assets column. The number in each row of this column indicates the total number of the assets affected by a vulnerability. The following list describes the relationship between colors and priorities:
      • Red: High
      • Orange: Medium
      • Gray: Low
      Note We recommend that you fix vulnerabilities with the High priority at the earliest opportunity.
    • Filter vulnerabilities

      On the Image Application Vul tab, filter vulnerabilities by vulnerability priority, instance ID, repository name, namespace, digest, or vulnerability name. A vulnerability priority can be high, medium, or low.

    • View vulnerability details
      Find the vulnerability that you want to view and click View in the Operation column. On the page that appears, perform the following operations based on your requirements:
      • View details of the Alibaba Cloud vulnerability library

        Click the CVE ID to go to the Alibaba Cloud vulnerability library.

        On the page that appears, view details about the vulnerability, including the vulnerability description, basic information, and solution.

      • View the fixing commands and impact descriptions

        Click Details to view the fixing commands and impact descriptions.

        • Fix Command: the fixing command.
        • Impact description:
          • Software: the image version.
          • Cause: the reason why the image is exposed to this vulnerability. In most cases, the reason is that the current version is outdated.
          • Path: the path of the image on the server.
          • Image Layer: the image layer on which the vulnerability is detected.
        • Caution: important notes, prevention tips, and references for the vulnerability.

View malicious image samples

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Image Security.
  3. On the Image Security page, click the Mirror Malicious Sample tab.
  4. On the Mirror Malicious Sample tab, view the detected malicious image samples.
    You can perform the following operations:
    • Filter malicious image samples

      In the upper-right corner of the list of malicious image samples, select Urgent, Warning, or Notice to query malicious image samples. You can also filter malicious image samples by instance ID, repository name, namespace, digest, or malicious sample name.

    • View malicious image samples

      In the list of malicious image samples, you can view the sample names, number of affected images, first scan time, last scan time, and processing status.

    • View the details of a malicious image sample

      Find the malicious sample that you want to view and click View in the Operation column to view the details.

    Note A malicious image sample may change the memory attributes from readable and writable to readable and executable or modify the network proxy settings to intrude into your server. We recommend that you handle the malicious image samples at the earliest opportunity.