Updated on 2025-09-19 GMT+08:00

Scanning an Image

Scenarios

You can scan your private images in SWR to check for vulnerabilities in just a few clicks and use the recommended solutions to mitigate the vulnerabilities, if any.

Constraints

  • Currently, image scanning is only supported in CN North-Beijing1, CN North-Beijing4, CN East-Shanghai1, CN East-Shanghai2, and CN South-Guangzhou.
  • You must have HSS permissions. For details, see Fine-grained HSS Authorization.

    You will be billed by HSS for image scanning. For details, see HSS Billing Overview.

  • Multi-architecture images cannot be scanned.

Procedure

  1. Log in to the SWR console.
  2. In the navigation pane, choose My Images. Then click the image you want to scan.

    Before executing an image scanning task, ensure that at least one private image is available in My Images. If no private image is available, push one by referring to Pushing an Image.

  3. On the Tags tab, locate the image tag you want to scan and click Scan in the Operation column.

    You can scan an image only after it is synchronized to HSS. If the image to be scanned has not been synchronized to HSS, a dialog box is displayed. Click Synchronize.

  4. Click Scan and wait for the result.

    • Vulnerability Name: the name of the vulnerability found on the image
    • Severity Level: the severity of the vulnerability. You can determine whether immediate action is required based on the severity level.
    • Software Information: version information about the software affected by the vulnerability
    • Solution: solution to the vulnerability. Click the link in the Solution column to view the solution.

If the image scanning fails, rectify the fault by referring to the following table.

Table 1 Causes and solutions for repository image scan failures

Failure Cause

Solution

Access to SWR failed.

Submit a service ticket to request technical support.

Insufficient SWR permissions.

Complete the authorization. For details, see Authorization Methods.

The image details could not be obtained. The image was not found in the repository.

On the Host & Container Security Service console, choose Risk Management > Container Images > in the navigation pane, click the Repository Images tab, and click Synchronize Images to update the image list and check whether the image exists.

Failed to download the image.

Submit a service ticket to request technical support.

The image is oversized.

The total image size cannot exceed 50 GB. You are advised to simplify images.

The image has too many layers.

An image can contain a maximum of 127 layers, and each layer cannot exceed 10 GB. You are advised to simplify images.

Schema v1 images cannot be scanned.

You are advised to upgrade schema v1 images to v2.

If the image scanning duration exceeds 3 hours, the system automatically stops the scanning.

You are advised to simplify images.

For more information about container image scanning, see Repository Image Security Scan.