The container image scan feature detects and identifies high-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. It also provides suggestions on how to handle these issues, along with end-to-end vulnerability management, which makes image vulnerabilities easier to fix.
Background information
Container image scan is a value-added feature of Security Center and must be purchased separately. Only users of the Advanced, Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan.
Supported regions
Only the Container Registry instances in the following regions support container image scan: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), and Singapore (Singapore).
Items that can be detected
Item | Detection | Fixing | Remarks |
---|---|---|---|
Image system vulnerability | Supported | Supported | We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
Image application vulnerability | Supported | Not supported | We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center. |
Image baseline risk | Supported | Not supported | We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details provided by Security Center. |
Malicious image sample | Supported | Not supported | We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files. |
Supported operating systems and versions
Operating system | Version |
---|---|
Red Hat | 5, 6, and 7 |
CentOS | 5, 6, and 7 |
Ubuntu | 12.04, 14.04, 16.04, 18.04, and 18.10 |
Debian | 6, 7, 8, 9, and 10 |
Alpine | |
Amazon Linux | |
Oracle Linux | 5, 6, 7, and 8 |
SUSE Linux Enterprise Server | |
Fedora Linux | 2X and 3X |
openSUSE | |
References
View the security information of containers
Use threat detection on Kubernetes containers
Use the runtime security feature to monitor ACK clusters and configure alerts