Updated on 2023-01-20 GMT+08:00

Container Image Vulnerabilities

This section describes how to view the vulnerabilities in local images and decide whether to ignore them.

Detection Method

After you enable cluster protection, your clusters are automatically scanned.

Prerequisite

The cluster protection function has been enabled.

Constraints

  • Only Linux servers are supported.
  • Container-related operations are available only on servers protected by the HSS enterprise, premium, WTP, or container edition.

Viewing Vulnerabilities in Private Images

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 1 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.
    • If cloud scan is not enabled or you access the HSS (New) console for the first time, the Enable Cloud Scan? dialog box is displayed. You are advised to select Enable cloud scan.
      • The cloud scan function is free of charge.
      • After the cloud scan function is enabled, all HSS servers will be scanned. Some HSS quota editions support only limited scanning capabilities, so you are advised to purchase the enterprise edition or higher to use all capabilities of the cloud scan function.
      Figure 2 Enabling cloud scan

  4. In the navigation pane on the left, choose Prediction > Container Images. On the displayed page, click Image Vulnerabilities and click Private Image Vulnerabilities to view private image vulnerabilities.

    Click a risky image to check its vulnerability overview, including the vulnerability name, urgency, status, the number of affected images, and vulnerability description.

    Figure 3 Viewing vulnerabilities in private images
    Table 1 Parameter description

    | Parameter | Description | Operation |
    |---|---|---|
    | Vulnerability Name | - | • Click to view the details of a vulnerability, including CVE ID, CVSS Score, Disclosed, and Vulnerability Details. • Click the name of a vulnerability to view the images affected by the vulnerability. For details, see 5. |
    | Repair Urgency | Shows whether the vulnerability should be repaired immediately. | - |
    | Historically Affected Images | Shows the number of images that have been affected. | - |
    | Solution | Provides a solution to fix the vulnerability. | Click the link in the Solution column to view the solution. |

  5. Click the vulnerability name to view its basic information and affected images.

    Figure 4 Vulnerability details

Canceling Ignoring a Vulnerability

  • In the vulnerability list, select the ignored vulnerability and click Unignore in the upper left corner of the list to stop ignoring it.
  • In the list of images affected by the ignored vulnerability, click Unignore in the Operation column of the image to stop ignoring the vulnerability.
  • In the vulnerability list of the image, click Unignore in the Operation column of the row containing the ignored vulnerability to stop ignoring it.