To use the feature of container image scan, you must purchase and enable this feature. This topic describes how to purchase and enable container image scan.

Background information

Container image scan is a value-added feature of Security Center and must be separately purchased. Only users of the Advanced,Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan.

If you purchase container image scan, you are charged base on the quota specified by Container Image Scan. For more information about billing details, visit Security Center buy page.

Note Users of the Basic edition can upgrade Security Center to the Advanced, Enterprise, Ultimate, or Value-added Plan edition to purchase container image scan. Users of the Anti-virus edition can upgrade Security Center to the Advanced, Enterprise, or Ultimate edition to purchase container image scan.

Procedure for users of Security Center Basic

  1. Log on to the Security Center console.In the left-side navigation pane, choose Protection Configuration > Container Protection > Image Security.
  2. On the page that appears, click Immediate purchase.
  3. Click Buy Advanced, Buy Enterprise, or Buy Ultimate Edition.
    In addition to all the features that the Enterprise edition supports, the Ultimate edition also supports network topology of containers, threat detection for Kubernetes containers, and threat detection during container runtime. If you have high requirements for container security, we recommend that you click Buy Ultimate Edition. For more information about the features that each edition supports, see Functions and features.
  4. After you click Buy Advanced, Buy Enterprise, or Buy Ultimate Edition, configure the parameters, including Container Image Scan.
    We recommend that you set Container Image Scan to the number of images for which you want to detect container vulnerabilities during the subscription period. Security Center identifies an image based on a unique digest value. If the digest value of an image does not change, the quota specified by Container Image Scan is deducted only by one from the first scan. If the digest value of an image changes and the image is scanned again, the quota specified by Container Image Scan is deducted again. The quota is deducted by one each time the digest value changes. For example, if you want to scan 10 images and the total number of times the digest values of the images change is expected to be 20 within the subscription period, set Container Image Scan to 30. This indicates that the value of Container Image Scan equals the number of images you want to scan plus the number of times the digest values change.

    References:

    • For more information about the billing details, see Billing.
    • For more information about how to configure the parameters on the buy page, see Purchase Security Center.
    Note If you want to use only container image scan of Security Center, you can set Edition to Value-added Plan and Container Image Scan to an appropriate value.
  5. Click Buy Now and complete the payment.

Procedure for users of all paid editions

If you use Security Center Anti-virus, you must upgrade Security Center to the Advanced, Enterprise, or Ultimate edition and specify Container Image Scan before you can enable container image scan. If you use the Advanced, Enterprise, or Ultimate edition of Security Center, you must specify Container Image Scan before you can enable container image scan. For more information, see Upgrade and downgrade Security Center.