To use the container image scan feature, you must purchase and enable this feature. This topic describes how to purchase and enable the container image scan feature.

Background information

The container image scan feature is a value-added feature of Security Center and must be separately purchased. If you use this feature, you are charged based on the number of times images are scanned and the number of scanned images. The fee per scan for each image is USD 0.3.

Note Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Image Security.
  3. On the page that appears, click Immediate purchase.
  4. In the panel that appears, click Upgrade. In the Upgrade panel, set Edition to Enterprise or Ultimate (Container Security).
    In addition to all the features that the Enterprise edition supports, the Ultimate edition also supports the Radar feature, threat detection for Kubernetes containers, and threat detection during container runtime. If you have high requirements for container security, we recommend that you set Edition to Ultimate (Container Security).
  5. After you set Edition to Enterprise or Ultimate (Container Security), configure the parameters, including Container Image Scan.
    We recommend that you set Container Image Scan to the number of images for which you want to detect container vulnerabilities during the subscription period. Security Center identifies an image based on a unique digest value. If the digest value of an image does not change, the number of times specified by Container Image Scan is deducted only by one from the first scan. If the digest value of an image changes, the number of times specified by Container Image Scan is deducted by one each time the digest value changes. For example, if you want to scan 10 images and the total number of times the digest values of the images change is expected to be 20 within the subscription period, you must set Container Image Scan to 30. This indicates that the value of Container Image Scan is the sum of the number of images you want to scan plus the number of times the digest values of the images change.

    References:

  6. Click Buy Now and complete the payment.