The feature of container image scan detects and identifies high-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. It also provides suggestions on how to handle these issues and end-to-end vulnerability management. This makes image vulnerability fixes easier.
Container image scan is a value-added feature of Security Center and must be separately purchased. Only users of the Advanced,Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan.
Only the Container Registry instances in the following regions support container image scan: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), and Singapore (Singapore).
Items that can be detected
|Image system vulnerability||Supported||Supported||We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.|
|Image application vulnerability||Supported||Not supported||We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.|
|Image baseline risk||Supported||Not supported||We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details provided by Security Center.|
|Malicious image sample||Supported||Not supported||We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files.|
Supported operating systems and versions
|Red Hat||5, 6, and 7|
|CentOS||5, 6, and 7|
|Ubuntu||12.04, 14.04, 16.04, 18.04, and 18.10|
|Debian||6, 7, 8, 9, and 10|
|Oracle Linux||5, 6, 7, and 8|
|SUSE Linux Enterprise Server||
|Fedora Linux||2X and 3X|