Help Center/ Host Security Service/ User Guide/ Risk Management/ Container Image Security/ CI/CD Image Security Scan/ Viewing and Handling CI/CD Image Scan Results
Updated on 2025-09-08 GMT+08:00
View PDF
Share

Viewing and Handling CI/CD Image Scan Results

Scenarios

To perform CI/CD image security scans, access CI/CD first. For details, see Accessing CI/CD.

After CI/CD is accessed, HSS will check image security during project building in Jenkins Pipeline, and display the scan results on the HSS console. It can help you identify and eliminate image security risks in a timely manner.

HSS can present image security statistics in the risk view and image view, helping you comprehensively learn, locate, and fix image risks.

  • Risk view: View all the scan results of a risk, for example, a system vulnerability, application vulnerability, malicious file, unsafe setting, sensitive information risk, or software compliance issue.
  • Image view: View the scan results of an image. The results include system vulnerabilities, application vulnerabilities, malicious files, software information, file information, unsafe baseline settings, sensitive information, software compliance, and base image information.

Viewing and Handling CI/CD Image Scan Results in the Risk View

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Risk Management > Container Images.
  4. On the Risk View tab page, click a risk sub-tab, and select CI/CD Images from the drop-down list. Check and handle scan results. For details, see Table 1.

    Image names are not displayed for some risks. You can export risk results to obtain these image names and image tags.

    Figure 1 Risk view of CI/CD images
    Table 1 Image scan results

    Risk Type

    Description

    System Vulnerabilities

    OS vulnerability scan results.

    Click a vulnerability notice name to go to the vulnerability details page. You can view the notice details, CVE details, suggestions, and affected images. You can fix the vulnerability based on the suggestions.

    Application vulnerabilities

    Application software vulnerability scan results.

    Click a vulnerability notice name to go to the vulnerability details page. You can view the notice details, suggestions, and affected images. You can fix the vulnerability based on the suggestions.

    Malicious Files

    Results of malicious image file scans, including the file names, paths, file sizes, image types, affected images, and image tags.

    You can locate and remove malicious files accordingly.

    Unsafe Configuration

    Results of image baseline checks, including unsafe settings, password complexity policy risks, and common weak password risks. You can perform operations based on the check type:

    • Unsafe Settings

      You can view the check items in the list. In the Operation column of a check item, click View Details. On the displayed slide-out panel on the right, you can view the audit description, suggestion, and affected images of the check item.

    • Password Complexity Policy Risks

      Check Affected Images and Policy Risks, and modify your password complexity policies based on Suggestion.

    • Common Weak Password Risks

      The scan result contains the account name, account type, masked weak password, weak password usage duration, affected image, and image tag. You can log in to the account to change its password.

      To let HSS scan for user-defined weak passwords, perform the following operations:
      1. Click Common Weak Password Detection and click Manage Weak Password.
      2. Configure weak passwords and click OK.

    Sensitive Information

    The scan result contains the risk level, file path, sensitive information, rule name (sensitive information type), affected image, and image tag.

    You are advised to remove sensitive information and create an image again.

    Software Compliance

    The scan result contains the non-compliant software name, version, path, affected image, and image tag.

    You are advised to remove non-compliant software in time.

Viewing and Handling CI/CD Image Scan Results in the Image View

  1. Log in to the HSS console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Risk Management > Container Images.
  4. Click the Image View tab.
  5. Click the CI/CD Images sub-tab. View CI/CD images.
  6. In the Operation column of an image, click View Results to go to the image details page.
  7. View and handle risk scan results. For details, see Table 2.

    Figure 2 CI/CD image scan results
    Table 2 Image scan results

    Risk Type

    Description

    Vulnerability Reports

    Results of OS and application vulnerability scans.

    • Basic vulnerability information

      Click a vulnerability name to go to its details page. View the vulnerability description, urgency, and affected images.

    • Solution
      • System vulnerabilities

        Upgrade the software affected by the vulnerability. Click To upgrade the affected software to go to the security notice details page. View the affected components, CVE, and more information.

      • Application vulnerabilities

        Hover the cursor over the solution description of a vulnerability to view the solution. To install a patch, access the patch installation guide link provided in the solution, and install the patch accordingly.

    Malicious Files

    Scan results of malicious image files, including the file names, paths, and file sizes.

    You can locate and remove malicious files accordingly.

    Software Information

    Statistical results of image software, including the software names, types, versions, and number of software vulnerabilities.

    Click next to a software name to view its vulnerabilities, urgency, and solutions.

    File Information

    Statistical results of image files, including their file names, paths, and sizes.

    You can check and remove abnormal files accordingly.

    Unsafe Configuration

    Results of image baseline checks, including Unsafe Settings, Password Complexity Policy Risks, and Common Weak Password Risks. You can perform operations based on the check type:

    • Unsafe Settings

      You can view the check items in the list. In the Operation column of a check item, click View Details. On the displayed slide-out panel on the right, you can view the audit description, suggestion, and affected images of the check item.

    • Password Complexity Policy Risks

      Check Affected Images and Policy Risks, and modify your password complexity policies based on Suggestion.

    • Common Weak Password Risks

      The scan result contains the account name, account type, masked weak password, weak password usage duration, affected image, and image tag. You can log in to the account to change its password.

      To let HSS scan for user-defined weak passwords, perform the following operations:
      1. Click Common Weak Password Detection and click Manage Weak Password.
      2. Configure weak passwords and click OK.

    Sensitive Information

    The scan result contains the risk level, file path, content, rule name (sensitive information type), affected image, and image tag.

    You are advised to remove sensitive information and create an image again.

    Software Compliance

    The scan result contains the non-compliant software name, version, path, and image tag.

    You are advised to remove non-compliant software in time.

    Base Images

    Scan results of the base image scan used by a service image. The results include the image name, version, and image layer path.

Related Operations

For details about how to add or modify the vulnerability blacklist, vulnerability whitelist, or image whitelist, see Editing the Blacklist or Whitelist.

Parent Topic: CI/CD Image Security Scan