Updated on 2022-10-08 GMT+08:00

Managing Local Images

Local images are container images that are used and started in the CCE cluster. CGS can scan these images. The local image list displays the basic information and security status of images.

This section describes how to view basic image information and vulnerability reports, and how to manage associated policies.

Prerequisites

  • CGS service authorization has been approved.
  • The cluster protection function has been enabled.

Viewing Local Images

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. In the navigation pane on the left, choose Images.
  4. Click the Local Images tab.

    Table 1 Local image parameters

    Parameter

    Description

    Operation

    Image Name

    Image name

    Click next to the name of an image to view its versions.

    Image ID

    Image ID

    -

    Scan Status

    Status of the image scan

    -

    Number of Vulnerabilities

    Number of vulnerabilities detected in the image

    -

    Associated Policies

    Number of policies applied in an image

    -

Viewing Basic Information About a Local Image

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. In the navigation pane on the left, choose Images.
  4. Click the Local Images tab and click an image name to view its basic information.
  5. View the basic information about the image version, as shown in Figure 1.

    Figure 1 Basic information about a local image

Viewing Vulnerabilities in Local Images

After the scanning is complete, you can view the vulnerability report.

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. In the navigation pane on the left, choose Images.
  4. Click the Local Images tab. In the row containing the image whose vulnerability report you want to view, click View Report in the Operation column.
  5. On the Vulnerability Reports tab, check the detected image vulnerabilities.

    You can perform the following operations:
    • Check the number and percentage of vulnerabilities of each urgency level.

      You can check the total number of vulnerabilities and the numbers of urgent and minor vulnerabilities.

    • View vulnerabilities

      You can view the vulnerability name, urgency, software information, vulnerability location, and solution.

    • Search for vulnerabilities

      In the upper part of the vulnerability list, you can select an urgency level (Repair now, Repair later, No repair required now) to filter vulnerabilities. You can also search for a vulnerability by its name or software information.

      Both vulnerability and software names support fuzzy search.

    • Viewing basic information about a vulnerability and the images affected by the vulnerability

      Click a vulnerability name to go to the basic information page. Here you can view more details and the images affected by the vulnerability.

    Figure 2 Vulnerability report

Applying a Policy to a Local Image

You can apply a policy to a local image.

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. In the navigation pane on the left, choose Images.
  4. Click the Local Images tab and click an image name. The Basic Information page is displayed.
  5. Click the Associate Policies tab and click Apply Policy.

    Figure 3 Applying a policy

  6. In the displayed dialog box, select the policy to be applied and click OK.

    To cancel application of a policy, click Cancel Application in the Operation column of the policy.