The feature of container image scan detects high-risk and medium-risk system vulnerabilities, application vulnerabilities, malicious samples, configuration risks, and sensitive data in images. The feature also provides suggestions on how to handle these issues and supports end-to-end image risk management.

Limits

Container image scan is a value-added feature of Security Center and must be separately purchased. Only users of the Advanced,Enterprise, Ultimate, and Value-added Plan editions can purchase container image scan.

Supported regions

Only the Container Registry instances in the following regions support container image scan: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), and Singapore.

Items that can be detected

Item Detection Fixing Remarks
Image system vulnerability Supported Supported We recommend that you fix image system vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.
Image application vulnerability Supported Not supported We recommend that you fix image application vulnerabilities at the earliest opportunity based on the fixing commands and impact descriptions provided by Security Center.
Image baseline risk Supported Not supported We recommend that you handle image baseline risks at the earliest opportunity based on the baseline check details provided by Security Center.
Malicious image sample Supported Not supported We recommend that you handle malicious file samples at the earliest opportunity based on the information provided by Security Center. The information includes paths to malicious files.
Sensitive image file Supported Not supported We recommend that you estimate risks based on the suggestions provided by Security Center, remove sensitive information at the earliest opportunity, and then recreate images.

Supported operating systems and versions

Operating system Operating system version that supports risk detection Operating system version that supports risk fixing
Red Hat
  • Red Hat 5
  • Red Hat 6
  • Red Hat 7
 None
CentOS
  • CentOS 5
  • CentOS 6
  • CentOS 7
  • CentOS 7
  • CentOS 8
Ubuntu
  • Ubuntu 12.04
  • Ubuntu 14.04
  • Ubuntu 16.04
  • Ubuntu 18.04
  • Ubuntu 18.10
  • Ubuntu 14
  • Ubuntu 16
  • Ubuntu 18
Debian
  • Debian 6
  • Debian 7
  • Debian 8
  • Debian 9
  • Debian 10
  • Debian 9
  • Debian 10
Alpine
  • Alpine 2.3
  • Alpine 2.4
  • Alpine 2.5
  • Alpine 2.6
  • Alpine 2.7
  • Alpine 3.1
  • Alpine 3.2
  • Alpine 3.3
  • Alpine 3.4
  • Alpine 3.5
  • Alpine 3.6
  • Alpine 3.7
  • Alpine 3.8
  • Alpine 3.9
  • Alpine 3.10
  • Alpine 3.11
  • Alpine 3.12
 Alpine 3.9
Amazon Linux
  • Amazon Linux 2
  • Amazon Linux AMI
 None
Oracle Linux
  • Oracle Linux 5
  • Oracle Linux 6
  • Oracle Linux 7
  • Oracle Linux 8
 None
SUSE Linux Enterprise Server
  • SUSE Linux Enterprise Server 5
  • SUSE Linux Enterprise Server 6
  • SUSE Linux Enterprise Server 7
  • SUSE Linux Enterprise Server 8
  • SUSE Linux Enterprise Server 9
  • SUSE Linux Enterprise Server 10
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP5
 None
Fedora Linux
  • Fedora Linux 2X
  • Fedora Linux 3X
 None
openSUSE
  • openSUSE 10.0
  • openSUSE Leap 15.2
  • openSUSE Leap 42.3
 None