All Products
Search
Document Center

Cloud Config:security-center-image-vul-check

Last Updated:Jun 23, 2026

Evaluates whether image scanning is enabled in Security Center (SAS) and no unfixed image vulnerabilities exist. If both conditions are met, the resource is evaluated as Compliant.

Scenarios

Use this rule to ensure image vulnerabilities are fixed promptly and improve overall system security.

Risk level

Default risk level: medium.

You can change the risk level when you configure this rule.

Compliance evaluation logic

  • If image scanning is enabled in SAS and no unfixed image vulnerabilities exist, the resource is evaluated as Compliant.
  • If image scanning is disabled in SAS, the resource is evaluated as Incompliant. If image scanning is enabled but unfixed vulnerabilities exist, the resource is also evaluated as Non-compliant. For more information about how to remediate a non-compliant configuration, see Incompliance remediation.
  • This rule does not apply when image scanning is disabled or no vulnerability information is available because no scan has been performed.

Rule details

Item Description
Rule name security-center-image-vul-check
Rule identifier security-center-image-vul-check
Tag SecurityCenter
Automatic remediation Not supported
Trigger type Periodic execution
Evaluation frequency Interval of 24 hours
Supported resource type All resources
Input parameter None

Incompliance remediation

Enable the image scan feature in SAS and fix all image vulnerabilities. For more information, see Container image scan.