Container Image Security Overview

What Is an Image?

An image is a standard format for packaging containerized applications. It is used to create containers. An image is like a special file system. It contains the programs, libraries, resources, configuration files, and parameters (including anonymous volumes, environment variables, and users) required for a runtime. An image does not contain any dynamic data, and its content is unchangeable after creation. When deploying a containerized application, you can use an image from Harbor, container image service, or your private image repository.

What Is Container Image Security?

Container image security aims to ensure the security of images throughout their lifecycle, including development, deployment, and running. It scans for system vulnerabilities, application vulnerabilities, malicious files, software information, file information, unsafe baseline settings, weak passwords, sensitive information, software compliance issues, and base image information. It helps you identify and fix risks, and ensure images have passed strict checks before being deployed in the production environment, so that your system and applications can run stably and securely.

You can scan CI/CD, repository, and local images in any stage of the container lifecycle.

• CI/CD images: During continuous integration (CI) and continuous delivery (CD), you can perform in-depth scans and analysis on container images and eliminate risks before delivery.
• Repository images: You can scan for and eliminate risks in the images stored in repositories (such as Harbor and SWR).
• Local images: You can scan the container images stored or running on servers to enhance local image security.

Statistics can be presented in the risk view or image view. You can check the risks in a specific image or the images affected by a specific risk. This helps you learn and analyze assets and risks in multiple dimensions, monitoring and managing image risks all in one place.