After you install a CI/CD plug-in on Jenkins or GitHub, Security Center scans images in a Jenkins or GitHub project for risks when you build the project. This topic describes how to navigate to the scan results and handle detected risks.
Prerequisites
Before you begin, ensure that you have:
A CI/CD plug-in installed on Jenkins or GitHub
Access to the Security Center console
View image scan results
Log on to the Security Center console. In the left-side navigation pane, choose Protection Configuration > Container Protection > CI/CD Integration Settings.
In the CI/CD plug-in list, find the plug-in used to scan images and click View in the Actions column. The Container page appears.
On the Image tab, view the image scan results. The image list shows recently scanned images. To locate a specific image, search by image ID or image tag.
Find the image whose risks you want to handle and click Handle in the Actions column. The image details page appears. The image details page organizes findings into four categories: Image System Vul, Image Application Vul, Image Baseline Check, and Image Malicious Sample. To narrow down results, filter vulnerabilities by priority using the filter in the upper-left corner of the vulnerability list, or search for specific vulnerabilities.
To view details about a specific vulnerability, click View in the Operation column. The details page shows the affected assets, the command to fix the vulnerability, and additional context.
What's next
After reviewing the vulnerability details, run the fix command shown on the details page to remediate the issue.