The container image scan feature of Security Center detects and identifies both historical and the latest vulnerabilities in container images, and provides suggestions on vulnerability fixes. It provides you with end-to-end vulnerability management capabilities that make image vulnerability fixes easier.

Limits

Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Supported regions

Only the Container Registry instances of the Enterprise edition in the following regions support the container image scan feature: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), and Singapore (Singapore).

Items that can be detected

| Item | Detection | Fix | Remarks |
| --- | --- | --- | --- |
| Image system vulnerability | Supported | Not supported | We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
| Image application vulnerability | Supported | Not supported | We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
| Malicious image sample | Supported | Not supported | We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files. |

Procedure

  1. Enable the container image scan feature
  2. Add third-party image repositories to Security Center
  3. Scan container images
  4. View container image scan results
