Managing Local Image Vulnerabilities

Check Method

After you enable cluster protection, CGS automatically scans your clusters.

Prerequisites

The cluster protection function has been enabled.

Viewing Vulnerabilities

1. Log in to the management console.
2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
3. In the navigation pane on the left, choose Image Security.
4. Click Image Vulnerabilities and click Local Image Vulnerabilities.
5. View the vulnerability statistics.
   • Vulnerabilities: Number and percentage of vulnerabilities by the urgency level
   • Top 5 Risky Images: Top 5 images with the most vulnerabilities and the number of vulnerabilities at each urgency level
     Figure 1 Local image vulnerability overview
     
     

     Click a risky image to check its vulnerability overview, including the vulnerability name, urgency, status, software information; and choose to fix or ignore the vulnerability.

6. Go to the local image vulnerability page. For more information, see Table 1.

   Table 1 Parameter description

   Parameter	Description	Operation
   Vulnerability Name	-	Click to view the details of a vulnerability, including CVE ID, CVSS Score, Disclosed, and Vulnerability Details. Click a vulnerability name to view the images affected by the vulnerability. For details, see 7.
   Repair Urgency	Shows whether the vulnerability should be repaired immediately.	-
   Unprocessed Images	Shows the number of images where the vulnerability is detected but not fixed yet.	-
   Historically Affected Images	Shows the number of images that have been affected.	-
   Solution	Provides a solution to fix the vulnerability.	Click the link in the Solution column to view the solution.

7. Click a vulnerability name to view the basic information about the affected images, as shown in Figure 2 and Figure 3.
   Figure 2 Basic information about a vulnerability in local images
   
   Figure 3 Affected images
   

Ignoring a Vulnerability

A vulnerability with no risk or small risks can be ignored. After a vulnerability is ignored, the vulnerability is not counted for the image, but it is still in the vulnerability list.

1. Log in to the management console.
2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
3. In the navigation pane on the left, choose Image Security.
4. Click Image Vulnerabilities and click Local Image Vulnerabilities.
5. Ignore the impact of the vulnerability on all images, or ignore the impact of the vulnerability on an image. For details, see Table 2.

   Table 2 Ignoring a vulnerability

   Operation	Procedure
   Ignoring the impact of a vulnerability on all images	In the vulnerability list, select a vulnerability to be ignored and click Ignore at the upper left corner. In the displayed dialog box, click OK to ignore the selected vulnerability.
   Ignoring the impact of a vulnerability on an image	Method 1: In the vulnerability list, click the vulnerability name to view Images Affected by a Vulnerability. In the Operation column of the image, click Ignore. In the displayed dialog box, click OK to ignore the vulnerability. Method 2: Click the name of the image to view the vulnerability and its processing status. In the Operation column of the vulnerability, click Ignore. In the displayed dialog box, click OK to ignore the vulnerability.

Stopping Ignoring a Vulnerability

• Go to the vulnerability list, select the ignored vulnerability, and click Cancel Ignorance in the upper left corner of the vulnerability list to cancel ignoring a vulnerability.
• Go to the list of images affected by a vulnerability. In the Operation column of the image, click Cancel Ignorance to cancel ignoring a vulnerability.
• Go to the list of vulnerabilities in an image. In the row containing the vulnerability, click Cancel Ignorance in the Operation column to cancel ignoring a vulnerability.