Security Center provides a container image scan feature that detects system vulnerabilities,
application vulnerabilities, baseline risks, and malicious image samples in your images,
and displays the detected risks by category. This way, you can view the overall security
status of your images. This topic describes how to view the risks in your images.
Prerequisites
Container image scans are performed. For more information, see Scan images.
Background information
You can use container image scan to detect image system vulnerabilities, image application
vulnerabilities, baseline risks, malicious image samples, and sensitive image files.
You can use the feature to fix only specific image system vulnerabilities. We recommend
that you handle risks in containers at the earliest opportunity based on the information
provided by Security Center. The information includes fixing commands, impact descriptions,
and paths to malicious files.
View risk statistics
Security Center allows you to view the statistics of images with high, medium, and
low risks, and the statistics and lists of scanned and unscanned images. This way,
you can quickly identify images that are at risk.
- Log on to the Security Center console. In the left-side navigation pane, choose .
- On the Image Security page, view the following statistics:
- Numbers of images with high, medium, and low risks
In the upper part of the Image Security page, click the number below High-risk Image, Medium-risk Image, or Low-risk Image. On the Container page, view the details of images.
- View the numbers of scanned images and unscanned images
In the upper part of the Image Security page, click the number below Scanned Images or Unscanned Image. In the Scanned Images or Unscanned Images panel, view the list of scanned images or unscanned images.
Important: The image list in the Unscanned Images panel displays the images that are not scanned
and the images that failed to be scanned.
View image system vulnerabilities
- Log on to the Security Center console. In the left-side navigation pane, choose .
- On the Image Security page, click the Image Vulnerability tab.
- On the System Vulnerability tab, view the image system vulnerabilities that are detected.
You can perform the following operations:
- Search for vulnerabilities
On the System Vulnerability tab, filter vulnerabilities by vulnerability priority, instance ID, repository name,
namespace, digest, or vulnerability name. A vulnerability priority can be high, medium,
or low. You can also select Image Scan or Container Runtime Image Scan to filter vulnerabilities.
Note: You can search for vulnerabilities by repository or vulnerability name. Fuzzy match
is supported.
- View vulnerability details
Find the vulnerability whose details you want to view and click View in the Operation column.
On the page that appears, perform the following operations based on your business requirements:
- View the details of the Alibaba Cloud vulnerability library
Click the Common Vulnerabilities and Exposures (CVE) ID to go to the Alibaba Cloud
vulnerability library. This library displays details of the vulnerability, including
the vulnerability description, basic information, and the solution to fix the vulnerability.
- View the fixing commands and impact descriptions
Click Details to view the fixing commands and impact descriptions.
Note: Security Center does not support quick fixes of image system vulnerabilities. You
can manually locate and fix the vulnerabilities based on the fixing commands and impact
descriptions. After you fix an image system vulnerability, click Scan Now on the Image Security page to update the vulnerability status on the System Vulnerability tab.
- Export the list of image system vulnerabilities
You can click the icon in the upper-right corner of the vulnerability list to export the list of image
system vulnerabilities with a few clicks.
View image application vulnerabilities
- Log on to the Security Center console. In the left-side navigation pane, choose .
- On the Image Security page, click the Image Vulnerability tab and then the Image Application Vul tab.
- On the Image Application Vul tab, view the image application vulnerabilities that are detected.
You can perform the following operations:
- Search for vulnerabilities
On the Image Application Vul tab, filter vulnerabilities by vulnerability priority, instance ID, repository name,
namespace, digest, or vulnerability name. A vulnerability priority can be high, medium,
or low. You can also select Image Scan or Container Runtime Image Scan to filter vulnerabilities.
Note: You can search for vulnerabilities by repository or vulnerability name. Fuzzy match
is supported.
- View vulnerability details
Find the vulnerability whose details you want to view and click View in the Operation column.
In the vulnerability details panel, perform the following operations based on your business requirements:
- View the details of the Alibaba Cloud vulnerability library
Click the CVE ID to go to the Alibaba Cloud vulnerability library. This library displays
details of the vulnerability, including the vulnerability description, basic information,
and the solution to fix the vulnerability.
- View the fixing commands and impact descriptions
Click Details to view the fixing commands and impact descriptions.
- Export the list of image application vulnerabilities
You can click the icon in the upper-right corner of the vulnerability list to export the list of image
application vulnerabilities with a few clicks.
View the results of image baseline checks
- Log on to the Security Center console. In the left-side navigation pane, choose .
- On the Image Security page, click the Image Baseline Check tab.
- On the Image Baseline Check tab, view the results of image baseline checks.
You can perform the following operations:
- Filter the results of image baseline checks
You can use the filter above the results of image baseline checks to search for results
by severity. The severity can be Important, Medium risk, or Low. You can also enter search conditions in the search box above the results of image
baseline checks to search for results by baseline name or type.
- View the results of image baseline checks
In the results of image baseline checks, you can view the information such as Baseline Name/Category, Affected Mirrors, Latest scan time, First Scan Time, and Status.
- View the details of the result of an image baseline check
In the results of image baseline checks, you can find a baseline and click Details in the Operation column to view the details of the result. You can view information such as the addresses
and versions of the images that are affected by the baseline, and the number of baseline
risks detected on the images. You can find an image and click Details in the Operation column. In the panel that appears, you can view the details of the risk items of
the image.
- Export the results of image baseline checks
You can click the icon in the upper-right corner of the results of image baseline checks to export
the results with a few clicks.
View malicious image samples
- Log on to the Security Center console. In the left-side navigation pane, choose .
- On the Image Security page, click the Image Malicious Sample tab.
- On the Image Malicious Sample tab, view the detected malicious image samples.
Important: A malicious image sample may change the memory attributes from readable and writable
to readable and executable or modify the network proxy settings to intrude into your
server. We recommend that you handle the malicious image samples at the earliest opportunity.
You can perform the following operations:
- Search for malicious image samples
In the upper-left corner of the list of malicious image samples, select Urgent, Suspicious, or Notice to query malicious image samples. You can also filter malicious image samples by
instance ID, repository name, namespace, digest, or malicious sample name.
- View malicious image samples
In the list of malicious image samples, you can view the sample names, number of affected
images, first scan time, last scan time, and processing status.
- View the details of a malicious image sample
Find the malicious image sample whose details you want to view and click Details in the Operation column.
- Export the list of malicious image samples
You can click the icon in the upper-right corner of the sample list to export the list of malicious
image samples with a few clicks.
View sensitive image files
- Log on to the Security Center console. In the left-side navigation pane, choose .
- On the Image Security page, click the Sensitive Image File tab.
- On the Sensitive Image File tab, view the detected sensitive image files.
You can perform the following operations:
- Search for sensitive image files
In the upper-left corner of the list of sensitive image files, select High, Medium,
or Low to query sensitive image files. You can also filter sensitive image files by
alert type of sensitive files or type of sensitive information.
- View sensitive image files
In the list of sensitive image files, you can view the alert types of sensitive files,
types of sensitive information, number of affected images, first scan time, and last
scan time.
- View the details of a sensitive image file
To view the images that are affected by a sensitive image file, find the sensitive
image file and click Details in the Operation column. To view the sensitive image files that affect an image,
find the affected image and click Details in the Operation column. We recommend that you estimate risks based on your business
requirements, remove file content that may cause security risks, and then recreate
the image.