Viewing and Handling Repository Image Scan Results

Scenarios

HSS can present image security statistics in the risk view and image view, helping you comprehensively learn, locate, and fix image risks.

• Risk view: View all the scan results of a risk, for example, a system vulnerability, application vulnerability, malicious file, unsafe setting, sensitive information risk, or software compliance issue.
• Image view: View the scan results of an image. The results include system vulnerabilities, application vulnerabilities, malicious files, software information, file information, unsafe baseline settings, sensitive information, software compliance, and base image information.

You can view and handle repository image scan results in Risk View or Image View.

Viewing and Handling Repository Image Scan Results in the Risk View

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
3. In the navigation pane on the left, choose Risk Management > Container Images.
4. Click the Risk View tab. Click a risk sub-tab, and select Repository Images from the drop-down list. Check and handle scan results. For details, see Table 1.

   Image names are not displayed for some risks. You can export risk results to obtain these image names and image tags.

   Table 1 Image scan results

   Risk Type	Description
   Vulnerability Reports (system and application vulnerabilities)	Results of OS and application vulnerability scans. You can: View vulnerability details Click a vulnerability name. On the vulnerability details page, view the vulnerability notice, CVE (for system vulnerabilities only), suggestions, affected images, and handling history. Handle vulnerabilities Ignore If a vulnerability does not need to be handled for now, you can ignore it. It will still be displayed in future scan results. Add to whitelist If a vulnerability does not affect your services, you can add it to the whitelist. Fix Fix the vulnerability by referring to the suggestions in the vulnerability details.
   Malicious Files	Detected malicious image files. Their file names, paths, and sizes are displayed. You can locate and remove malicious files accordingly.

Viewing and Handling Repository Image Scan Results in the Image View

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
3. In the navigation pane on the left, choose Risk Management > Container Images.
4. Click the Image View tab.
5. Click the Repository Images tab.
6. In the Operation column of an image, click View Results to go to the image details page.
7. View and handle risk scan results. For details, see Table 2.

   Table 2 Image scan result parameters

   Risk Type	Description
   Vulnerability Reports	Results of OS and application vulnerability scans. You can: View vulnerability details Click a vulnerability name to go to its details page. View the vulnerability description, urgency, and affected images. Handle vulnerabilities Ignore If a vulnerability does not need to be handled for now, you can ignore it. It will still be displayed in future scan results. Add to whitelist If a vulnerability does not affect your services, you can add it to the whitelist. Fix To fix a system vulnerability, upgrade the software affected by it. Click To upgrade the affected software to go to the security notice details page. View the affected components, CVE, and more information. To fix an application vulnerability, hover the cursor over the solution description of a vulnerability to view the solution. To install a patch, access the patch installation guide link provided in the solution, and install the patch accordingly.
   Malicious Files	Scan results of malicious image files, including the file names, paths, and file sizes. You can locate and remove malicious files accordingly.
   Software Information	Statistical results of image software, including the software names, types, versions, and number of software vulnerabilities. Click next to a software name to view its vulnerability name, urgency, and solution.
   File Information	Statistical results of image files, including their file names, paths, and sizes. You can check and remove abnormal files accordingly.
   Unsafe Settings	Results of image baseline checks, including the configuration check, password complexity policy check, and common weak password check. You can perform operations based on the check type. Unsafe settings View unsafe settings and suggestions. Click a baseline name to view check items. In the Check Item column of a check item, click View Details. Check the item description and suggestions. Password complexity policies Fix unsafe settings in a password complexity policy. Common weak passwords The names and types of accounts using weak passwords are displayed. Log in to the accounts and set strong passwords for them. To let HSS scan for user-defined weak passwords, perform the following operations: Click the Common Weak Password Detection tab and click Manage Weak Password. Configure weak passwords and click OK.
   Sensitive Information	Sensitive image information, including risk levels, image paths, file paths, and sensitive information. To exclude certain paths from the sensitive file scan, choose Exclude Path from Scan and add the paths. Only Linux system file paths can be specified. Up to 20 paths are allowed. Put each path on a separate line. Example: /usr/ or /lib/test.txt.
   Software Compliance	Non-compliant image software, including the software names, versions, paths, and image layers.
   Base Images	Scan results of the base image scan used by a service image. The results include the image name, version, and image layer path.