Help Center/ Host Security Service/ User Guide/ Installation and Configuration on Containers/ CI/CD Image Security Scan/ Editing the Blacklist or Whitelist
Updated on 2025-01-08 GMT+08:00
View PDF
Share

Editing the Blacklist or Whitelist

Scenario

The blacklist and whitelist can control image blocking during image building. They can be configured during CI/CD access. This section describes how to add or modify blacklist or whitelist items after the CI/CD access configuration is complete.

Editing the Blacklist or Whitelist

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Installation & Configuration > Container Install & Config.
  4. Click the CI/CD Access Settings tab.
  5. In the row of a CI/CD identifier, click Edit Blacklist/Whitelist in the Operation column.
  6. In the slide-out panel that is displayed, edit the vulnerability whitelist, vulnerability blacklist, and image whitelist.

    Figure 1 Editing the blacklist or whitelist
    Table 1 Blacklist and whitelist parameters

    Parameter

    Description

    Vulnerability Whitelist

    During CI/CD pipeline building, if an image only has whitelist vulnerabilities, the CI/CD pipeline is not blocked.

    If you believe a high-risk vulnerability does not affect your services, you can add it to the vulnerability whitelist.

    Enter one or multiple vulnerability names. Put each vulnerability name on a separate line.

    You can remove a vulnerability from the whitelist.

    Vulnerability Blacklist

    During CI/CD pipeline building, if an image has a blacklisted vulnerability, the CI/CD pipeline is blocked.

    If you believe a low-risk vulnerability severely affects your services, you can add it to the vulnerability blacklist.

    Enter one or multiple vulnerability names. Put each vulnerability name on a separate line.

    You can remove a vulnerability from the blacklist.

    Image Whitelist

    During CI/CD pipeline building, if the image is found to have risks, the CI/CD pipeline is not blocked.

    Enter one or multiple image names to add them to the whitelist. Put each image name on a separate line.

    Image name format:

    • Local image: Image_name:Version
    • Remote image: Organization_name/Image_name:Version

    You can remove an image from the whitelist.

  7. After the editing is complete, click OK.
Parent Topic: CI/CD Image Security Scan