The feature of container image scan detects high-risk and medium-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. The feature also provides suggestions on how to handle these issues and supports end-to-end image risk management.
Container image scan is a value-added feature of Security Center and must be separately purchased. Only users of the Advanced,Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan.
Only the Container Registry instances in the following regions support container image scan: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), and Singapore.
Items that can be detected
|Image system vulnerability||Supported||Supported||We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.|
|Image application vulnerability||Supported||Not supported||We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.|
|Image baseline risk||Supported||Not supported||We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details provided by Security Center.|
|Malicious image sample||Supported||Not supported||We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files.|
|Sensitive image file||Supported||Not supported||We recommend that you estimate risks based on the suggestions provided by Security Center, remove sensitive information at the earliest opportunity, and then recreate images.|
Supported operating systems and versions
|Operating system||Operating system version that supports risk detection||Operating system version that supports risk fixing|
|SUSE Linux Enterprise Server||