Managing SWR Shared Images
You can manually scan for and check reports on software compliance, base image information, vulnerabilities, malicious files, software information, file information, baseline check, sensitive information. This section describes how to perform security scans on SWR shared images and view scan reports.
Constraints
- Only the HSS container edition supports this function. For details about how to purchase and upgrade HSS, see Purchasing an HSS Quota and Upgrading Your Edition.
- Security scans can be performed only on Linux images.
Viewing SWR Shared Images
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose Asset Management > Containers & Quota.
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Container Images tab and click SWR shared image to view the shared image list.
You can view the version, size, organization, security risks, and owner of a shared image.Figure 1 Viewing shared images
Scanning SWR Shared Images
You can manually scan SWR shared images in the Valid state. The duration of a security scan depends on the image size. Generally, an image can be scanned within 3 minutes. After the scan is complete, click View Report to view the security report.
The following scan items are supported.
Scan Item |
Description |
---|---|
Vulnerability |
Detects system and application vulnerabilities in images. |
Malicious file |
Detects malicious files in images. |
Software information |
Collects software information in an image. |
File information |
Collects file information in an image. |
Unsafe setting |
|
Sensitive information |
Detects files that contain sensitive information in images.
|
Software compliance |
Detects software and tools that are not allowed to be used. |
Basic image information |
Detects service images that are not created using base images. |
- Log in to the management console and go to the HSS page.
- In the navigation pane, choose Asset Management > Containers & Quota.
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Click the Container Images tab and click SWR shared image.
- Performs a security scan for a single image or multiple images.
- You can perform a security scan only when the status is Valid.
- Multi-architecture images do not support batch scan or full scan.
- A full scan takes a long time and cannot be interrupted after it starts. Exercise caution when performing this operation.
- Single image security scan
In the Operation column of the target image, click Scan to perform security scan.
- Batch image security scan
Select all target images and click Scan above the image list to perform security scan for multiple target images.
- Full image security scan
Click Scan All above the image list to perform a security scan for all images.
- In the displayed dialog box, click OK to start the scan job.
After a full scan task is started, you can move the cursor over the gray Scan All button to view the scan progress.
- The image security scan is complete, when the Scan Status changes to Completed and the Latest Scan Completed shows the latest task execution time.
Checking the Security Reports of SWR Shared Images
After the scanning is complete, you can view the security reports.
- Log in to the management console and go to the HSS page.
- In the navigation pane, choose Asset Management > Containers & Quota.
- Click the Container Images tab and click SWR shared image.
- In the Operation column of the target image, click View Report. The security scan report page is displayed.
- Check the SWR shared image security report. For more information, see Table 1.
Exporting the SWR Shared Image Vulnerability or Baseline Report
Vulnerability reports cannot be exported for multi-architecture images.
- Log in to the management console and go to the HSS page.
- In the navigation pane, choose Asset Management > Containers & Quota.
- Click the Container Images tab and click SWR shared image.
- Click Export Vulnerability above the image list and select a report type to export the vulnerability or baseline report.
If you want to export the vulnerability report of a specified image, select the image type in the search box and click Export Vulnerability.
- View the export status in the upper part of the container management page. After the export is successful, obtain the exported information from the default file download address on the local host.
Do not close the browser page during the export. Otherwise, the export task will be interrupted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.