Help Center/ Host Security Service/ User Guide (Kuala Lumpur Region)/ Asset Management/ Container Management/ Managing Local Images
Updated on 2025-10-10 GMT+08:00
View PDF
Share

Managing Local Images

Scenario

You can manually scan local images for vulnerabilities and software information and provides scan reports. This section describes how to perform security scans on local images and view scan reports.

Constraints

  • Only the HSS container edition supports this function.
  • Only the local images of the Docker engine can be reported to the HSS console.
  • Security scans can be performed only on Linux images.
  • Only the images whose storage drive is OverlayFS or OverlayFS2 can be scanned. Nodes using Device Mapper cannot be scanned.
  • Images whose names or versions are -- cannot be scanned.
  • HSS only has the permission to access the default scan directory /var/run. If Docker Root Dir is not /var/run/, HSS cannot scan images. You are advised to perform image scanning on the Containerd server.

Viewing Local Images

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the upper left corner of the page, click and choose Security > Host Security Service.
  4. In the navigation pane on the left, choose Asset Management > Containers. The container management page is displayed.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  5. Click the Container Images tab and click Local image.

    You can view the name, version, type, and security risks of an image.

    • Viewing information about servers associated with an image

      Click the server name of an image. The associated server list page is displayed. You can view details about the servers associated with the image.

    • Viewing information about containers associated with an image

      Locate the row that contains the target image and click the number in the Associated Containers column. The Associated Containers page is displayed. You can view details about the containers associated with the image.

    • Viewing information about image components

      Locate the row that contains the target image and click the number in the Components column. The Components page is displayed. You can view details about image components.

    • Viewing image security risks

      You can view the number of risky images and click the value to go to the risk details page.

Scanning Local Images

You can choose all images, multiple images, or a single image and manually start a scan. The duration of a security scan depends on the scanned image size. Generally, scanning an image takes shorter than 3 minutes. After the scan is complete, click View Report to check the report.

The following security scan items are supported for local images:

Scan Item

Description

Vulnerability

Detects vulnerabilities in images.

System vulnerability scan supports the following OSs:
  • EulerOS 2.2, 2.3, 2.5, 2.8, 2.9, 2.10, 2.11, 2.12 (64-bit)
  • CentOS 7.4, 7.5, 7.6, 7.7, 7.8, 7.9 (64-bit)
  • Ubuntu 16.04, 18.04, 20.04, 22.04 (64-bit)
  • Debian 9, 10, 11 (64-bit)
  • Kylin V10, V10 SP1, V10 SP2 (64-bit)
  • HCE 2.0 (64-bit)
  • SLES 12 SP5, 15 SP1, and 15 SP2 (64-bit)
  • UnionTech OS V20 server E, V20 server D, 1050u2e, 1050e, 1060e (64-bit)
  • Rocky Linux 8.6, 8.10, 9.4, 9.5 (64-bit)
  • CTyunOS 3-23.01 (64-bit)
  • AlmaLinux 8.4 (64-bit)

Installed software

Collects software information in an image.
  1. Log in to the management console and go to the HSS page.
  2. In the navigation pane, choose Asset Management > Containers. The container management page is displayed.
  3. Click the Container Images tab and click Local image.
  4. Performs a security scan for a single image or multiple images.

    • Single image security scan

      In the Operation column of the target image, click Scan to perform security scan.

    • Batch image security scan

      Select all target images and click Scan above the image list to perform security scan for multiple target images.

    • Full image security scan

      Click Scan All above the image list to perform a security scan for all images.

  5. In the displayed dialog box, click OK to start the scan job.

    After a full scan task is started, you can move the cursor over the gray Scan All button to view the scan progress.

  6. The image security scan is complete, when the Scan Status changes to Completed and the Latest Scan Completed shows the latest task execution time.

Viewing Local Image Vulnerability Reports and Software Information

  1. Log in to the management console and go to the HSS page.
  2. Click the Container Images tab and click Local image.
  3. In the Operation column of the target image, click View Report. On the displayed page, view vulnerability reports and software information.

Exporting Local Image Vulnerability Reports

  1. Log in to the management console and go to the HSS page.
  1. In the navigation pane, choose Asset Management > Containers. The container management page is displayed.
  1. Click the Container Images tab and click Local image.
  2. Click Export Vulnerability above the image list.

    If you want to export the vulnerability report of a specified image, select the image type in the search box and click Export Vulnerability.

  3. View the export status in the upper part of the container management page. After the export is successful, obtain the exported information from the default file download address on the local host.

    Do not close the browser page during the export. Otherwise, the export task will be interrupted.

Parent topic: Container Management