
Security Center: Overview

Last Updated: Dec 22, 2023

The container image scan feature can manage container images and detect security risks in a comprehensive manner. The risks include high-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. The feature also supports quick fixing of detected image system vulnerabilities. You can use the feature to manage and ensure image security to protect related systems and data.

Limits

Container image scan is a value-added feature of Security Center and must be separately purchased. Only users of the Advanced, Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan.

Supported regions

Only the Container Registry instances in the following regions support the container image scan feature.

| Area | Supported region |
| --- | --- |
| China | China (Qingdao), China (Beijing), China (Zhangjiakou), and China (Hohhot); China (Shenzhen), China (Heyuan), and China (Guangzhou); China (Hangzhou) and China (Shanghai); China (Chengdu); China (Hong Kong); China East 2 Finance, China South 1 Finance, China North 2 Finance, and China North 2 Ali Gov 1 |
| Outside China | Japan (Tokyo), South Korea (Seoul), Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), and India (Mumbai); Germany (Frankfurt), UK (London), US (Virginia), and US (Silicon Valley) |

Items that can be detected

| Item | Description | Suggestion |
| --- | --- | --- |
| Image system vulnerability | The container image scan feature can detect vulnerabilities that may affect the security of the container environment, such as operating system vulnerabilities and third-party software vulnerabilities in images. | We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions that are provided by Security Center. |
| Image application vulnerability | The container image scan feature can detect application vulnerabilities in images. The vulnerabilities can cause security issues such as unauthorized access, code injection, and denial-of-service (DoS) attacks. | We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
| Image baseline risk | The container image scan feature can check whether images conform to security configuration specifications and best practices. | We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details that are provided by Security Center. |
| Malicious image sample | The container image scan feature can detect malicious files, malicious code, and malicious behavior in images and during container runtime. | We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files. |
| Sensitive image file | The container image scan feature can detect common sensitive files, which include the following items: application configurations that contain sensitive information; general certificate keys; application identity or logon credentials; credentials for cloud server providers. | We recommend that you estimate risks based on the suggestions provided by Security Center, remove sensitive information at the earliest opportunity, and then recreate images. |

Important

The container image scan feature supports quick fixing of image system vulnerabilities. For other risks, you can manually fix them based on the suggestions included in the risk details.

Supported operating systems and versions

| Operating system | Operating system version that supports risk detection | Operating system version that supports risk fixing |
| --- | --- | --- |
| Red Hat | Red Hat 5, 6, 7 | None |
| CentOS | CentOS 5, 6, 7 | CentOS 7, 8 |
| Ubuntu | Ubuntu 12.04, 14.04, 16.04, 18.04, 18.10 | Ubuntu 14, 16, 18 |
| Debian | Debian 6, 7, 8, 9, 10 | Debian 9, 10 |
| Alpine | Alpine 2.3, 2.4, 2.5, 2.6, 2.7, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12 | Alpine 3.9 |
| Amazon Linux | Amazon Linux 2, Amazon Linux AMI | None |
| Oracle Linux | Oracle Linux 5, 6, 7, 8 | None |
| SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 5, 6, 7, 8, 9, 10, 10 SP4, 11 SP3, 12 SP2, 12 SP5 | None |
| Fedora Linux | Fedora Linux 2X, 3X | None |
| openSUSE | openSUSE 10.0, openSUSE Leap 15.2, openSUSE Leap 42.3 | None |
