Managing Local Image Vulnerabilities
This section describes how to check the vulnerabilities on the local image and determine whether to ignore the vulnerabilities.
Check Method
After you enable cluster protection, CGS automatically scans your clusters.
Prerequisites
The cluster protection function has been enabled.
Viewing Vulnerabilities
- Log in to the management console.
- In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
- In the navigation pane on the left, choose Image Security.
- Click Image Vulnerabilities and click Local Image Vulnerabilities.
- View the vulnerability statistics.
- Vulnerabilities: Number and percentage of vulnerabilities by the urgency level
- Top 5 Risky Images: Top 5 images with the most vulnerabilities and the number of vulnerabilities at each urgency level
Figure 1 Local image vulnerability overview
Click a risky image to check its vulnerability overview, including the vulnerability name, urgency, status, software information; and choose to fix or ignore the vulnerability.
- Go to the local image vulnerability page. For more information, see Table 1.
Table 1 Parameter description Parameter
Description
Operation
Vulnerability Name
-
- Click to view the details of a vulnerability, including CVE ID, CVSS Score, Disclosed, and Vulnerability Details.
- Click a vulnerability name to view the images affected by the vulnerability. For details, see 7.
Repair Urgency
Shows whether the vulnerability should be repaired immediately.
-
Unprocessed Images
Shows the number of images where the vulnerability is detected but not fixed yet.
-
Historically Affected Images
Shows the number of images that have been affected.
-
Solution
Provides a solution to fix the vulnerability.
Click the link in the Solution column to view the solution.
- Click a vulnerability name to view the basic information about the affected images, as shown in Figure 2 and Figure 3.
Ignoring a Vulnerability
A vulnerability with no risk or small risks can be ignored. After a vulnerability is ignored, the vulnerability is not counted for the image, but it is still in the vulnerability list.
- Log in to the management console.
- In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
- In the navigation pane on the left, choose Image Security.
- Click Image Vulnerabilities and click Local Image Vulnerabilities.
- Ignore the impact of the vulnerability on all images, or ignore the impact of the vulnerability on an image. For details, see Table 2.
Table 2 Ignoring a vulnerability Operation
Procedure
Ignoring the impact of a vulnerability on all images
- In the vulnerability list, select a vulnerability to be ignored and click Ignore at the upper left corner.
- In the displayed dialog box, click OK to ignore the selected vulnerability.
Ignoring the impact of a vulnerability on an image
- Method 1:
- In the vulnerability list, click the vulnerability name to view Images Affected by a Vulnerability. In the Operation column of the image, click Ignore.
- In the displayed dialog box, click OK to ignore the vulnerability.
- Method 2:
- Click the name of the image to view the vulnerability and its processing status. In the Operation column of the vulnerability, click Ignore.
- In the displayed dialog box, click OK to ignore the vulnerability.
Stopping Ignoring a Vulnerability
- Go to the vulnerability list, select the ignored vulnerability, and click Cancel Ignorance in the upper left corner of the vulnerability list to cancel ignoring a vulnerability.
- Go to the list of images affected by a vulnerability. In the Operation column of the image, click Cancel Ignorance to cancel ignoring a vulnerability.
- Go to the list of vulnerabilities in an image. In the row containing the vulnerability, click Cancel Ignorance in the Operation column to cancel ignoring a vulnerability.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot