Updated on 2025-09-08 GMT+08:00

Viewing and Handling Repository Image Scan Results

Scenarios

HSS presents image security statistics in a risk view and an image view, helping you understand, locate, and fix image risks.

  • Risk view: View all the scan results of a risk, for example, a system vulnerability, application vulnerability, malicious file, unsafe setting, sensitive information risk, or software compliance issue.
  • Image view: View the scan results of an image. The results include system vulnerabilities, application vulnerabilities, malicious files, software information, file information, unsafe baseline settings, sensitive information, software compliance, and base image information.

You can view and handle repository image scan results in Risk View or Image View.

Viewing and Handling Repository Image Scan Results in the Risk View

  1. Log in to the HSS console.
  2. Click the icon in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Risk Management > Container Images.
  4. Click the Risk View tab. Click a risk sub-tab, and select Repository Images from the drop-down list. Check and handle scan results. For details, see Table 1.

    Image names are not displayed for some risks. You can export risk results to obtain these image names and image tags.

    Figure 1 Repository image risk view
    Table 1 Image scan results

    Risk Type

    Description

    System Vulnerabilities

    OS vulnerability scan results. You can perform the following operations:

    • View vulnerability details

      Click a vulnerability name. On the vulnerability details page, view the vulnerability notice, CVE, suggestions, affected images, and handling history.

    • Handle vulnerabilities
      • Ignore

        If a vulnerability does not need to be handled for now, you can ignore it. It will still be displayed in future scan results.

      • Add to whitelist

        If a vulnerability does not affect your services, you can add it to the whitelist.

      • Fix

        Fix the vulnerability by referring to the suggestions in the vulnerability details.

    Application Vulnerabilities

    Application software vulnerability scan results. You can perform the following operations:

    • View vulnerability details

      Click a vulnerability name. On the vulnerability details page, view the vulnerability notice, suggestions, affected images, and handling history.

    • Handle vulnerabilities
      • Ignore

        If a vulnerability does not need to be handled for now, you can ignore it. It will still be displayed in future scan results.

      • Add to whitelist

        If a vulnerability does not affect your services, you can add it to the whitelist.

      • Fix

        Fix the vulnerability by referring to the suggestions in the vulnerability details.

    Malicious Files

    Detected malicious image files. Their file names, paths, and sizes are displayed.

    You can locate and remove malicious files accordingly.

    Unsafe Configuration

    Image baseline check results, including Unsafe Settings, Password Complexity Policy Risks, and Common Weak Password Risks. You can perform operations based on the check type:

    • Unsafe Settings

      You can view the check items in the list. In the Operation column of a check item, click View Details. On the displayed slide-out panel on the right, you can view the audit description, suggestion, and affected images of the check item.

    • Password Complexity Policy Risks

      Check Affected Images and Policy Risks, and modify your password complexity policies based on Suggestion.

    • Common Weak Password Risks

      The scan result contains the account name, account type, masked weak password, weak password usage duration, affected image, and image tag. You can log in to the account to change its password.

      To let HSS scan for user-defined weak passwords, perform the following operations:
      1. Click the Common Weak Password Risks tab and click Manage Weak Password.
      2. Configure weak passwords and click OK.

    Sensitive Information

    The scan result contains the risk level, file path, sensitive information, rule name (sensitive information type), affected image, and image tag.

    Software Compliance

    The scan result contains the non-compliant software name, version, path, affected image, and image tag.

Viewing and Handling Repository Image Scan Results in the Image View

  1. Log in to the HSS console.
  2. Click the icon in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Risk Management > Container Images.
  4. Click the Image View tab.
  5. Click the Repository Images tab.
  6. In the Operation column of an image, click View Results to go to the image details page.
  7. View and handle risk scan results. For details, see Table 2.

    Figure 2 Repository image scan details
    Table 2 Image scan result parameters

    Risk Type

    Description

    Vulnerability Reports

    Results of OS and application vulnerability scans. You can:

    • View vulnerability details

      Click a vulnerability name to go to its details page. View the vulnerability description, urgency, and affected images.

    • Handle vulnerabilities
      • Ignore

        If a vulnerability does not need to be handled for now, you can ignore it. It will still be displayed in future scan results.

      • Add to whitelist

        If a vulnerability does not affect your services, you can add it to the whitelist.

      • Fix

        To fix a system vulnerability, upgrade the software affected by it. Click To upgrade the affected software to go to the security notice details page. View the affected components, CVE, and more information.

        To fix an application vulnerability, hover the cursor over the solution description of a vulnerability to view the solution. To install a patch, access the patch installation guide link provided in the solution, and install the patch accordingly.

    Malicious Files

    Scan results of malicious image files, including the file names, paths, and file sizes.

    You can locate and remove malicious files accordingly.

    Software Information

    Statistical results of image software, including the software names, types, versions, and number of software vulnerabilities.

    Click the icon next to a software name to view its vulnerability name, urgency, and solution.

    File Information

    Statistical results of image files, including their file names, paths, and sizes.

    You can check and remove abnormal files accordingly.

    Unsafe Configuration

    Image baseline check results, including Unsafe Settings, Password Complexity Policy Risks, and Common Weak Password Risks. You can perform operations based on the check type:

    • Unsafe Settings

      You can view the check items in the list. In the Operation column of a check item, click View Details. On the displayed slide-out panel on the right, you can view the audit description, suggestion, and affected images of the check item.

    • Password Complexity Policy Risks

      Check Affected Images and Policy Risks, and modify your password complexity policies based on Suggestion.

    • Common Weak Password Risks

      The scan result contains the account name, account type, masked weak password, weak password usage duration, affected image, and image tag. You can log in to the account to change its password.

      To let HSS scan for user-defined weak passwords, perform the following operations:
      1. Click the Common Weak Password Detection tab and click Manage Weak Password.
      2. Configure weak passwords and click OK.

    Sensitive Information

    The scan result contains the risk level, file path, content, rule name (sensitive information type), affected image, and image tag.

    Software Compliance

    The scan result contains the non-compliant software name, version, path, and image tag.

    Base Images

    Scan results of the base image used by a service image. The results include the image name, version, and image layer path.