CGS
Container Guard Service (CGS) scans vulnerabilities and configurations in images, helping enterprises detect the container environment, which cannot be achieved by the traditional security software. CGS also delivers functions such as process whitelist configuration, read-only file protection, and container escape detection to minimize the security risks for a running container.
Concepts
- Image
An image is a special file system. It provides not only programs, libraries, resources, configuration files but also some configuration parameters required for a running container. An image does not contain any dynamic data, and its content is unchangeable after creation.
- Container
A container is the instance of an image and can be created, started, stopped, deleted, and suspended.
- Multiple containers can be started for an image.
- An application may include one or a set of containers.
Deployment Architecture
|
Component |
Description |
|---|---|
|
CGS Container |
Runs on each container node (host) to scan all container images on the node for image vulnerabilities, implement security policies, and collect exceptions. |
|
Management Master |
Manages and maintains CGS Containers. |
|
Security Intelligence |
Provides a security information knowledge base containing vulnerability and malicious program libraries, as well as big data AI training models. |
|
Management console |
Provides a console for users to use CGS. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
