Help Center > > Service Overview> CGS


Updated at: May 27, 2021 GMT+08:00

Container Guard Service (CGS) scans vulnerabilities and configurations in images, helping enterprises detect the container environment, which cannot be achieved by the traditional security software. CGS also delivers functions such as process whitelist configuration, read-only file protection, and container escape detection to minimize the security risks for a running container.


  • Image

    An image is a special file system. It provides not only programs, libraries, resources, configuration files but also some configuration parameters required for a running container. An image does not contain any dynamic data, and its content is unchangeable after creation.

  • Container

    A container is the instance of an image and can be created, started, stopped, deleted, and suspended.

Figure 1 describes the relationships between images, containers, and applications.
  • Multiple containers can be started for an image.
  • An application may include one or a set of containers.
Figure 1 Relationships between images, containers, and applications

Deployment Architecture

Figure 2 shows the CGS deployment architecture and Table 1 describes its key components.
Figure 2 CGS deployment architecture
Table 1 Key CGS components



CGS Container

Runs on each container node (host) to scan all container images on the node for image vulnerabilities, implement security policies, and collect exceptions.

Management Master

Manages and maintains CGS Containers.

Security Intelligence

Provides a security information knowledge base containing vulnerability and malicious program libraries, as well as big data AI training models.

Management console

Provides a console for users to use CGS.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel