Security Center provides CI/CD-based container image scan, a feature that detects image risks efficiently during the project building stage on Jenkins and GitHub. The feature detects high-risk system vulnerabilities, application vulnerabilities, viruses, webshells, execution of malicious scripts, and configuration risks, and helps you identify sensitive data in images. It also provides solutions for the detected image risks.

Limits

Only the Advanced, Enterprise, Ultimate, and Value-added Plan editions of Security Center support the feature. If you do not use one of these editions, you must upgrade Security Center to the Advanced, Enterprise, Ultimate, or Value-added Plan edition before you can use the feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Implementation

To use CI/CD-based container image scan, you only need to install the CI/CD plug-in on Jenkins or GitHub. Security Center then uses the plug-in to scan images for risks automatically when you build projects in Jenkins or GitHub. You do not need to synchronize your images to Security Center for risk scans. After the scan is complete, the scan result is displayed on the CI/CD tab of the Assets page in the Security Center console. You can handle image risks based on the scan result.

Scenarios

The following list describes the scenarios in which you can use CI/CD-based container image scan:
  • Jenkins Freestyle project
  • Jenkins Pipeline project
  • GitHub Actions

Prerequisites

Your server meets the following minimum configuration requirements, which prevents slow image scans.

  • Minimum configuration settings
    • Number of CPU cores: 1.
    • Memory: 2 GB.
    • Storage capacity: 60 GB.
    • Network: The server is available over the Internet and can access the Alibaba Cloud service whose endpoint is tds.ap-southeast-1.aliyuncs.com.
  • Optimal configuration settings
    • Number of CPU cores: 4.
    • Memory: 8 GB.
    • Storage capacity: 100 GB.
    • Network: The server is available over the Internet and can access the Alibaba Cloud service whose endpoint is tds.ap-southeast-1.aliyuncs.com. The upstream bandwidth is greater than 10 Mbit/s.
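
The following preflight script is an added example, not part of the original documentation or of the Security Center plug-in. It classifies a Linux build host against the minimum and optimal settings listed above and tests connectivity to the endpoint. Assumptions: the function names are hypothetical, GB is treated as GiB, storage is measured on the root file system, a 5% tolerance covers memory and disk space reserved by the kernel and file system, the endpoint accepts HTTPS connections, and upstream bandwidth is not measured.

```shell
#!/bin/sh
# Added example: preflight check for a Jenkins build host (hypothetical helper names).

ENDPOINT="tds.ap-southeast-1.aliyuncs.com"   # endpoint named in the prerequisites
TOLERANCE_PCT=95   # assumption: accept 95% of a threshold, because the kernel and
                   # file system report slightly less than the provisioned size

# meets VALUE THRESHOLD: succeeds if VALUE is at least 95% of THRESHOLD
meets() {
    [ $(( $1 * 100 )) -ge $(( $2 * TOLERANCE_PCT )) ]
}

# classify_host CORES MEM_MIB DISK_MIB: prints optimal, minimum, or below-minimum
classify_host() {
    if [ "$1" -ge 4 ] && meets "$2" 8192 && meets "$3" 102400; then
        echo optimal          # 4 cores, 8 GB memory, 100 GB storage
    elif [ "$1" -ge 1 ] && meets "$2" 2048 && meets "$3" 61440; then
        echo minimum          # 1 core, 2 GB memory, 60 GB storage
    else
        echo below-minimum
    fi
}

# endpoint_reachable HOST: succeeds if an HTTPS request to HOST completes
# (assumption: the endpoint listens on 443; any HTTP status counts as reachable)
endpoint_reachable() {
    curl --silent --output /dev/null --connect-timeout 5 --max-time 10 "https://$1/"
}

main() {
    cores=$(getconf _NPROCESSORS_ONLN)
    mem_mib=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
    disk_mib=$(df -Pk / | awk 'NR == 2 {print int($2 / 1024)}')
    tier=$(classify_host "$cores" "$mem_mib" "$disk_mib")
    echo "cores=$cores mem=${mem_mib}MiB disk=${disk_mib}MiB tier=$tier"
    if endpoint_reachable "$ENDPOINT"; then
        echo "endpoint $ENDPOINT: reachable"
    else
        echo "endpoint $ENDPOINT: NOT reachable"
        tier=below-minimum
    fi
    [ "$tier" != below-minimum ]   # non-zero exit fails the calling build step
}

# Run the live checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then main; fi
```

Run it with `--check` on the build server before installing the plug-in; a non-zero exit status means the host is below the minimum settings or cannot reach the endpoint.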