The container image scan feature detects and identifies high-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. It also provides suggestions on how to handle these issues and supports end-to-end vulnerability management, which makes image vulnerabilities easier to fix.

Background information

The container image scan feature is a value-added feature of Security Center and must be purchased separately. If you use this feature, you are charged based on the number of times images are scanned and the number of scanned images. The fee per scan for each image is USD 0.3.

Supported regions

Only the Container Registry instances in the following regions support container image scan: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), and Singapore (Singapore).

Items that can be detected

| Item | Detection | Fixing | Remarks |
| --- | --- | --- | --- |
| Image system vulnerability | Supported | Supported | We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
| Image application vulnerability | Supported | Not supported | We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
| Image baseline risk | Supported | Not supported | We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details provided by Security Center. |
| Malicious image sample | Supported | Not supported | We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files. |

Procedure

  1. Enable the container image scan feature
  2. Add third-party image repositories to Security Center
  3. Scan container images
  4. View container image scan results

Supported operating systems and versions

| Operating system | Version |
| --- | --- |
| Red Hat | 5, 6, and 7 |
| CentOS | 5, 6, and 7 |
| Ubuntu | 12.04, 14.04, 16.04, 18.04, and 18.10 |
| Debian | 6, 7, 8, 9, and 10 |
| Alpine | 2.3, 2.4, 2.5, 2.6, and 2.7; 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, and 3.12 |
| Amazon Linux | Amazon Linux 2; Amazon Linux AMI |
| Oracle Linux | 5, 6, 7, and 8 |
| SUSE Linux Enterprise Server | 5, 6, 7, 8, 9, and 10; 10 SP4; 11 SP3; 12 SP2; 12 SP5 |
| Fedora Linux | 2X and 3X |
| openSUSE | 10.0; Leap 15.2; Leap 42.3 |
