The feature of container image scan detects high-risk and medium-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. The feature also provides suggestions on how to handle these issues and end-to-end vulnerability management.
Container image scan is a value-added service provided by Security Center and must be separately purchased. Only users of the Advanced,Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan. If you use this feature, you are charged based on the number of times images are scanned and the number of scanned images. The fee per scan for each image is USD 0.3.
Only the Container Registry instances in the following regions support container image scan: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), and Singapore (Singapore).
Items that can be detected
|Image system vulnerability||Supported||Supported||We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.|
|Image application vulnerability||Supported||Not supported||We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.|
|Image baseline risk||Supported||Not supported||We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details provided by Security Center.|
|Malicious image sample||Supported||Not supported||We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files.|
Supported operating systems and versions
|Operating system||Operating system version that supports risk detection||Operating system version that supports risk fixing|
|SUSE Linux Enterprise Server||