Help Center/ Host Security Service/ User Guide/ Risk Management/ Container Image Security/ Local Image Security Scan/ Scanning Local Images
Updated on 2025-09-08 GMT+08:00
View PDF
Share

Scanning Local Images

Scenarios

After the HSS agent is installed on a cluster node, the agent immediately starts synchronizing local image information to the HSS console. The information is updated every 24 hours.

After the local image information is displayed, you can manually scan the images.

Manually Scanning Local Images

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Risk Management > Container Images.
  4. In the upper right corner of the page, click Scan.

    To scan a single image, click the Image View tab, click Scan in the Operation column of the image.

  5. Click the Local Images tab and configure parameters. For details, see Table 1.

    Figure 1 Manually scanning local images
    Table 1 Local image scan parameters

    Parameter

    Description

    Example Value

    Risk Type

    Select Vulnerability, if needed.

    HSS scans for software information by default. You do not need to select it.

    Select All

    Image Scope

    Select All or Specific.

    A full scan takes a long time and cannot be stopped once started. Exercise caution when performing this operation.

    Specific

  6. Click OK.
  1. In the upper right corner of the page, click Manage Task Click the Image Scan tab to view the scan status.

    The duration of a security scan depends on the scanned image size. Generally, an image can be scanned within 3 minutes.

  2. After the image scan task is complete, return to Image View. You can view the scan status of each image. For details, see Table 2.

    Table 2 Risk status

    Status

    Description

    Pending

    The image is not scanned.

    Scanning

    The image is being scanned.

    Succeeded

    The image has been scanned. You can view the scan results.

    Failed

    An error or problem occurred during image scan. As a result, the scan failed.

    To be scanned

    A scan task has been created, and the image is waiting to be scanned.

    Scan terminated

    The scan task has been canceled, and the image scan has been stopped.

Stopping a Scan Task

You can stop a running scan task.

Constraints

  • The following permissions are required for stopping a scan:
    • HSS permission: batch image scan (hss:images:set) or container asset management (hss:containers:set)
    • Namespace permission (Kubernetes RBAC): the permission for deleting job or cronjob resources in HSS namespaces

Procedure

  1. In the upper right corner of the Container Images page, click Manage Task.
  2. Click the Image Scan tab.
  3. In the Operation column of a task, click Cancel Scan.
  4. If Cancelled is displayed in the Scan Status column of the task, the scan has been canceled.
Parent Topic: Local Image Security Scan