Security Center CI/CD scans container images for security risks during Jenkins or GitHub project builds. It detects high-risk system vulnerabilities, application vulnerabilities, viruses, webshells, malicious scripts, configuration risks, and sensitive data — and provides remediation suggestions so you can resolve issues before they reach production.
Supported editions
This feature is available in the Advanced, Enterprise, Ultimate, and Value-added Plan editions. The Basic and Anti-virus editions do not support this feature. To upgrade, see Purchase Security Center and Upgrade and downgrade Security Center. For a full feature comparison across editions, see Features.
How it works
The scan plug-in embeds directly into your build pipeline — no image syncing required. Each time your pipeline runs:
Security Center automatically scans the container image for security risks.
Scan results appear on the CI/CD tab in the Security Center console.
Review the results and resolve any detected security risks using the provided remediation suggestions.
Supported platforms
Jenkins Freestyle project
Jenkins Pipeline project
GitHub Actions
Prerequisites
Before integrating the plug-in, make sure your environment meets the following requirements.
Server specifications
| Requirement | Minimum | Optimal |
|---|---|---|
| vCPUs | 1 | 4 |
| Memory | 2 GB | 8 GB |
| Storage | 60 GB | 100 GB |
Network access
Your server must be able to:
Connect to the internet
Access tds.ap-southeast-1.aliyuncs.com
(Optimal) Provide at least 10 Mbps upstream bandwidth
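A preflight check for the server specification and network access requirements above, as an added example that is not part of the original documentation or the plug-in. It assumes a Linux build server, HTTPS on port 443 for the endpoint, and that storage means the total size of the filesystem at the hypothetical `WORKDIR` path; all function names are illustrative.

```shell
#!/bin/sh
# Added example: preflight check for a build server that will run the scan plug-in.
# Thresholds are the minimum/optimal values from the server specification table.
# Assumptions: Linux host (/proc/meminfo, nproc, df), endpoint reached over HTTPS
# on port 443, storage measured as total size of the filesystem at $WORKDIR.
ENDPOINT="tds.ap-southeast-1.aliyuncs.com"
WORKDIR="${WORKDIR:-/}"

# classify VALUE MINIMUM OPTIMAL -> prints below-minimum | minimum-met | optimal
classify() {
    if [ "$1" -lt "$2" ]; then echo "below-minimum"
    elif [ "$1" -lt "$3" ]; then echo "minimum-met"
    else echo "optimal"; fi
}

# kb_to_gb KB -> whole GB, rounded up, because a "2 GB" VM reports slightly
# less than 2097152 kB in MemTotal once the kernel reserves its share.
kb_to_gb() { echo $(( ($1 + 1048575) / 1048576 )); }

check_vcpus()   { classify "$1" 1 4; }
check_memory()  { classify "$(kb_to_gb "$1")" 2 8; }
check_storage() { classify "$(kb_to_gb "$1")" 60 100; }

# Returns 0 if an HTTPS request to the endpoint completes within 10 seconds
# (any HTTP status counts; only connection or TLS failures are errors).
check_endpoint() {
    curl --silent --output /dev/null --max-time 10 "https://$ENDPOINT/"
}

preflight() {
    status=0
    cpus=$(nproc)
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    disk_kb=$(df -Pk "$WORKDIR" | awk 'NR==2 {print $2}')
    for line in "vCPUs $(check_vcpus "$cpus")" \
                "memory $(check_memory "$mem_kb")" \
                "storage $(check_storage "$disk_kb")"; do
        echo "$line"
        case "$line" in *below-minimum) status=1 ;; esac
    done
    if check_endpoint; then echo "endpoint reachable"
    else echo "endpoint unreachable: $ENDPOINT"; status=1; fi
    return "$status"
}

# Run the checks only when asked, e.g. `sh preflight.sh --run` on the build server.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

The script does not measure the 10 Mbps upstream bandwidth recommendation; verify that separately.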
Permissions and credentials
Prepare the following before you begin:
An access token for the Security Center CI/CD plug-in (obtained in step 1)
An AccessKey pair for the Alibaba Cloud account or RAM user that creates image scan tasks (obtained in step 3)
If using a RAM user: the dedicated image scan policy attached to that RAM user (configured in step 2)
Integrate the CI/CD plug-in
Step 1: Get an access token
Obtain a token for the Security Center CI/CD plug-in.
Step 2: (Optional) Set up a RAM user for image scanning
If you want to run image scan tasks under a RAM user instead of the root Alibaba Cloud account, create a RAM user and attach the dedicated image scan policy.
Skip this step if you plan to use the root Alibaba Cloud account.
Step 3: Get an AccessKey pair
Get the AccessKey pair for the account (or RAM user from step 2) that will create image scan tasks. Use an existing AccessKey or create a new one.
The AccessKey secret is shown only once when created. Store it securely — it cannot be retrieved later.
Step 4: Install the plug-in
Install the Security Center CI/CD plug-in in your build environment. Follow the guide for your platform:
Step 5: Review scan results
After the plug-in is integrated, Security Center scans your images automatically on every build. View image scan results in the Security Center console and resolve any detected security risks using the provided remediation suggestions.