Updated on 2022-04-01 GMT+08:00

Related Services

CCE

Cloud Container Engine (CCE) rapidly builds a highly reliable container cluster based on the cloud server and adds nodes in the cluster. CGS installs shields on a cluster to protect container applications on nodes in a cluster.

CCE is a high-performance, high-reliability service through which enterprises can manage containerized applications. CCE supports native Kubernetes applications and tools, allowing you to easily set up a container runtime environment on the cloud. For more information, see the Cloud Container Engine User Guide.

CTS

Cloud Trace Service (CTS) provides you with a history of CGS operations. After enabling CTS, you can view all generated traces to review and audit performed CGS operations. For details, see the Cloud Trace Service User Guide.

Table 1 CGS operations that can be recorded by CTS

Operation

Resource Type

Trace Name

Enabling cluster protection

cgs

openClusterProtect

Disabling cluster protection

cgs

closeClusterProtect

Adding a policy

cgs

addPolicy

Editing a policy

cgs

modifyPolicy

Deleting a policy

cgs

deletePolicy

Applying a policy to an image

cgs

imageApplyPolicy

Ignoring all images affected by the vulnerability

cgs

ignoreVul

Restoring all images affected by the vulnerability

cgs

cancelIgnoreVul

Ignoring images affected by the vulnerability

cgs

ignoreImageVul

Unignoring of images affected by the vulnerability

cgs

cancelIgnoreImageVul

Unauthorized access

cgs

registerCgsAgency

Manually scanning images

cgs

scanPrivateImage

Obtaining and scanning images from Software Repository for Container (SWR)

cgs

syncSwrPrivateImage

SWR

Software Repository for Container (SWR) provides easy, secure, and reliable management over container images throughout their lifecycles, facilitating the deployment of containerized services. For more information, see the Software Repository for Container User Guide. CGS scans vulnerabilities and configurations in container images to help enterprises detect the container environment that cannot be achieved by traditional security software.

IAM

Identity and Access Management (IAM) provides the permission management for CGS. Only users granted with CGS Administrator permissions can use CGS. To obtain the permissions, contact users who have Security Administrator permissions. For details, see Identity and Access Management User Guide.