Help Center/ Container Guard Service/ User Guide/ Image Security/ Managing Local Image Vulnerabilities
Updated on 2022-10-08 GMT+08:00

Managing Local Image Vulnerabilities

This section describes how to check the vulnerabilities on the local image and determine whether to ignore the vulnerabilities.

Check Method

After you enable cluster protection, CGS automatically scans your clusters.

Prerequisites

The cluster protection function has been enabled.

Viewing Vulnerabilities

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. In the navigation pane on the left, choose Image Security.
  4. Click Image Vulnerabilities and click Local Image Vulnerabilities.
  5. View the vulnerability statistics.

    • Vulnerabilities: Number and percentage of vulnerabilities by the urgency level
    • Top 5 Risky Images: Top 5 images with the most vulnerabilities and the number of vulnerabilities at each urgency level
      Figure 1 Local image vulnerability overview

      Click a risky image to check its vulnerability overview, including the vulnerability name, urgency, status, software information; and choose to fix or ignore the vulnerability.

  6. Go to the local image vulnerability page. For more information, see Table 1.

    Table 1 Parameter description

    Parameter

    Description

    Operation

    Vulnerability Name

    -

    • Click to view the details of a vulnerability, including CVE ID, CVSS Score, Disclosed, and Vulnerability Details.
    • Click a vulnerability name to view the images affected by the vulnerability. For details, see 7.

    Repair Urgency

    Shows whether the vulnerability should be repaired immediately.

    -

    Unprocessed Images

    Shows the number of images where the vulnerability is detected but not fixed yet.

    -

    Historically Affected Images

    Shows the number of images that have been affected.

    -

    Solution

    Provides a solution to fix the vulnerability.

    Click the link in the Solution column to view the solution.

  7. Click a vulnerability name to view the basic information about the affected images, as shown in Figure 2 and Figure 3.

    Figure 2 Basic information about a vulnerability in local images
    Figure 3 Affected images

Ignoring a Vulnerability

A vulnerability with no risk or small risks can be ignored. After a vulnerability is ignored, the vulnerability is not counted for the image, but it is still in the vulnerability list.

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. In the navigation pane on the left, choose Image Security.
  4. Click Image Vulnerabilities and click Local Image Vulnerabilities.
  5. Ignore the impact of the vulnerability on all images, or ignore the impact of the vulnerability on an image. For details, see Table 2.

    Table 2 Ignoring a vulnerability

    Operation

    Procedure

    Ignoring the impact of a vulnerability on all images

    1. In the vulnerability list, select a vulnerability to be ignored and click Ignore at the upper left corner.
    2. In the displayed dialog box, click OK to ignore the selected vulnerability.

    Ignoring the impact of a vulnerability on an image

    • Method 1:
      1. In the vulnerability list, click the vulnerability name to view Images Affected by a Vulnerability. In the Operation column of the image, click Ignore.
      2. In the displayed dialog box, click OK to ignore the vulnerability.
    • Method 2:
      1. Click the name of the image to view the vulnerability and its processing status. In the Operation column of the vulnerability, click Ignore.
      2. In the displayed dialog box, click OK to ignore the vulnerability.

Stopping Ignoring a Vulnerability

  • Go to the vulnerability list, select the ignored vulnerability, and click Cancel Ignorance in the upper left corner of the vulnerability list to cancel ignoring a vulnerability.
  • Go to the list of images affected by a vulnerability. In the Operation column of the image, click Cancel Ignorance to cancel ignoring a vulnerability.
  • Go to the list of vulnerabilities in an image. In the row containing the vulnerability, click Cancel Ignorance in the Operation column to cancel ignoring a vulnerability.