
Managing Image Security Vulnerabilities

The image security vulnerability checking function lets you manually or automatically check the images stored in the Container Registry for OS package security vulnerabilities and secrets. Based on the inspection results, users can identify and remove known vulnerabilities (CVE) and secrets, preventing the use of insecure images.

Vulnerability Check Support Information

Supported OS

The vulnerability checking function supports checking libraries installed with a package manager on the following operating systems.

Supported OS
Ubuntu
CentOS
Oracle
Debian
Alpine
AWS Linux
RHEL
SUSE
VMware Photon
Table. Supported OS types

Supported Languages

The vulnerability checking function supports checking for the following languages.

Supported Language
Python
PHP
Node.js
.NET
Go
Dart
Table. Supported Language Type I (libraries installed with a language package manager)

Supported Language
Java
Table. Supported Language Type II (identified based on pom.properties and MANIFEST.MF files included in jar, war, par, ear type files)
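The Type II identification described above, as an added Python example that is not the Container Registry service's own code: it reads pom.properties first and falls back to MANIFEST.MF, and shows that an archive carrying neither file yields no package to check. The helper names, the fallback order, the manifest headers used and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

ARCHIVE_SUFFIXES = (".jar", ".war", ".par", ".ear")

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines; comments and continuation lines are skipped."""
    out = {}
    for line in text.splitlines():
        if line and not line.startswith(("#", " ")) and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def identify_java_archive(name, data):
    """Return (package, version, source), or None when no metadata identifies the archive."""
    if not name.lower().endswith(ARCHIVE_SUFFIXES):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for entry in names:  # Maven writes META-INF/maven/<group>/<artifact>/pom.properties
            if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
                p = parse_kv(zf.read(entry).decode("utf-8", "replace"), "=")
                if all(k in p for k in ("groupId", "artifactId", "version")):
                    return (p["groupId"] + ":" + p["artifactId"], p["version"], "pom.properties")
        if "META-INF/MANIFEST.MF" in names:  # assumed fallback: manifest headers
            m = parse_kv(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"), ":")
            if "Implementation-Title" in m and "Implementation-Version" in m:
                return (m["Implementation-Title"], m["Implementation-Version"], "MANIFEST.MF")
    return None

def make_archive(files):
    """Build an in-memory archive from {path: text} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()

# Constructed samples: a Maven-built jar, a manifest-only war, a jar with metadata stripped.
MAVEN_JAR = make_archive({"META-INF/maven/com.example/demo-lib/pom.properties":
    "#Generated by Maven\ngroupId=com.example\nartifactId=demo-lib\nversion=1.2.3\n"})
MANIFEST_WAR = make_archive({"META-INF/MANIFEST.MF":
    "Manifest-Version: 1.0\r\nImplementation-Title: demo-app\r\nImplementation-Version: 4.5.6\r\n"})
STRIPPED_JAR = make_archive({"com/example/Demo.class": "constructed placeholder bytes"})
```

If identification relies only on these two files, a repackaged archive that drops them would not appear in the package list, so a result with no Java findings is worth cross-checking against the build's dependency list.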

Supported Secrets

The vulnerability scanning feature supports the following types of secrets included in the image.

Supported Secret
AWS access key
GitHub personal access token
GitLab personal access token
Asymmetric Private Key
Table. Supported Secret Types

Checking image security vulnerabilities (manual)

To check for image security vulnerabilities, follow these steps.

  1. Click the All Services > Container > Container Registry menu. The Service Home page of Container Registry opens.
  2. On the Service Home page, click the Image menu. The Image list page opens.
  3. On the Image list page, click the Settings icon at the top of the page, then select the Registry name and the Repository name where the image whose detailed information you want to check is stored.
  4. On the Image list page, click the resource (image) whose security vulnerabilities you want to check. The Image Details page opens.
    • Click the Tags tab to the right of the detailed information tab at the top of the Image Details page. The Tags tab page opens.
  5. On the Tags tab page, click the More button at the right end of the tag whose security vulnerabilities you want to check, then click Vulnerability Check.
  6. When the vulnerability check alert popup window opens, click the Confirm button.
    • When the inspection starts, the message "vulnerability check will be performed." is displayed.
    • After the inspection is complete, a summary of the inspection results and the View Results button are displayed in the Vulnerability Check Results section. When you click the View Results button, a popup window appears where you can view detailed vulnerability analysis results by image digest (tags).
Note
By clicking the View Results button, you can check the detailed vulnerability analysis results for the image tag. After a vulnerability check, if a red exclamation mark icon (!) is displayed in the inspection date item, the vulnerability check list of the Container Registry service has been updated. Because the image digest (tags) must then be checked against the new vulnerability items, re-checking by clicking Vulnerability Check is recommended.

Checking the image security vulnerability check results

To check the vulnerability check results, follow these steps.

  1. Click the All Services > Container > Container Registry menu. The Service Home page of Container Registry opens.
  2. On the Service Home page, click the Image menu. The Image list page opens.
  3. On the Image list page, click the Settings icon at the top of the page, then select the Registry name and the Repository name where the image whose detailed information you want to check is stored.
  4. On the Image list page, click the resource (image) whose security vulnerabilities you want to check. The Image Details page opens.
    • Click the Tags tab to the right of the detailed information tab at the top of the Image Details page. The Tags tab page opens.
  5. On the Tags tab page, click the View Results button in the Vulnerability Check Result item to check the vulnerability check results.
  6. The Vulnerability Analysis by Image Tags popup window appears, showing detailed vulnerability analysis results by image tag.

Checking the results by vulnerability unit

You can check the image security vulnerability check results by vulnerability in the Vulnerability tab.

Item: Detailed Description
Vulnerability Check: Vulnerability check button
  • When you click the button, the vulnerability check starts
  • However, if the tag status is Inactive, the Vulnerability Check button is not activated
Inspection Date: Vulnerability inspection date
Distribution: OS name and version of the inspected image digest (tags)
  • Refer to the list of supported OS
Total number of vulnerabilities: Vulnerability inspection result summary
  • The total number of detected vulnerabilities and the number of vulnerabilities by severity are displayed in a graph
  • Vulnerabilities are divided into 6 levels according to their severity (Critical, High, Medium, Low, Negligible, Unknown)
Table. Vulnerability Check Result Items

You can check the list of all discovered vulnerabilities in the Vulnerability tab.

Item: Detailed Description
CVE: Detected vulnerability ID (CVE ID) and external link to confirm detailed vulnerability information
  • CVE (Common Vulnerabilities and Exposures)
Severity: Severity of the detected vulnerability
CVSS: Vulnerability score based on CVSS (Common Vulnerability Scoring System)
Category: Type of inspection target for the detected vulnerability
  • OS package or Language package is displayed
OS/Language: OS or Language package type of the detected vulnerability
  • Refer to the list of supported OS and supported Language
Package: Name of the package where the vulnerability was found
Current version: Current version of the vulnerable package (vulnerable version)
Updated version: The version of the vulnerable package in which the vulnerability has been addressed
Whether the vulnerability in the discovered package has been fixed (whether a patched version of the vulnerability exists)
Expand Button: Vulnerability details inquiry
  • Click the Expand button to display detailed information about the vulnerability below
  • The description and vector result values of the vulnerability can be checked. A detailed description of each vector value is provided as a tooltip
  • Detailed information opened by the Expand button can be closed by clicking the Collapse button
Table. List of vulnerability items

Checking the results by package unit

You can check the image security vulnerability check results by package. On the Image Tag-based Vulnerability detail page, click the Package tab to move to the package-based vulnerability page.

Item: Detailed Description
Vulnerability Check: Vulnerability check button
  • When you click the button, the vulnerability check starts
  • However, if the tag status is Inactive, the Vulnerability Check button is not activated
Inspection Date: Vulnerability inspection date
Distribution: OS name and version of the inspected image digest (tags)
  • Refer to the list of supported OS
Total number of packages: Summary of total package information
  • Displays the total number of packages found and the number of packages by vulnerability status in a graph
Table. Package Vulnerability Check Result Items

In the Package tab, you can check the entire package list, the list of packages with vulnerabilities found, and the list of packages with no vulnerabilities found.

Item: Detailed Description
Category: Type of discovered package
  • OS package or Language package is displayed
OS/Language: Detailed OS or Language type of the discovered package
  • Refer to the list of supported OS and supported Language
Package: Discovered package name
Version: The current version of the package
Vulnerability check result: Summary of the number of vulnerabilities included in the package
Type: Details of the OS or Language type and of the discovered package
Table. Package list item

Checking the results by secret unit

You can check the image security vulnerability check results by secret. On the Image Tag-based Vulnerability detail page, click the Secret tab to move to the secret-based vulnerability page.

Item: Detailed Description
Vulnerability Check: Vulnerability check button
  • When you click the button, the vulnerability check starts
  • However, if the tag status is Inactive, the Vulnerability Check button is not activated
Inspection Date: Vulnerability inspection date
Distribution: OS name and version of the inspected image digest (tags)
  • Refer to the list of supported OS
Total number of vulnerabilities: Vulnerability result summary
  • The total number of detected vulnerabilities and the number of vulnerabilities by severity are displayed in a graph
  • Vulnerabilities are divided into 6 levels based on severity (Critical, High, Medium, Low, Negligible, Unknown)
Table. Secret Vulnerability Check Result Items

In the Secret tab

Item: Detailed Description
File: File name where the secret is detected
Category: Detected secret type
  • Refer to the supported secret list
Severity: Severity of the detected secret
Match: Match information for the detected secret in the file
Fig. Secret List Items
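A local pre-push check for the four supported secret types, reporting findings in the File, Category and Match columns of the Secret tab; this is an added Python example, not the Container Registry service's detection logic. The regular expressions follow widely published token formats and are assumptions, the Severity column is omitted because the page does not say how it is assigned, and the sample files and values are constructed placeholders.

```python
import re

# Widely published formats for the four secret types listed on this page.
# Illustrative assumptions, not the Container Registry service's own rules.
SECRET_PATTERNS = {
    "AWS access key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub personal access token": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
    "GitLab personal access token": re.compile(r"\bglpat-[0-9A-Za-z_-]{20}"),
    "Asymmetric Private Key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}

def mask(value, keep=4):
    """Keep only a short prefix so a finding can be shared without leaking the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_files(files):
    """Scan {path: text}; return findings with the File, Category and Match columns."""
    findings = []
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for category, pattern in SECRET_PATTERNS.items():
                for hit in pattern.finditer(line):
                    findings.append({"File": path, "Category": category,
                                     "Match": f"line {lineno}: {mask(hit.group(0))}"})
    return findings

# Constructed image contents; every secret-looking value is a placeholder, not a credential.
SAMPLE_IMAGE_FILES = {
    "/app/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=false\n",
    "/root/.netrc": "machine github.com password ghp_" + "a" * 36 + "\n",
    "/app/ci.sh": "export GITLAB_TOKEN=glpat-" + "b" * 20 + "\n",
    "/etc/ssl/private/server.key":
        "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n",
    "/app/README.md": "No credentials here.\n",
}

if __name__ == "__main__":
    for row in scan_files(SAMPLE_IMAGE_FILES):
        print(row["File"], "|", row["Category"], "|", row["Match"])
```

Running the same scan over the build context before pushing keeps a credential from being baked into an image layer, where deleting the file in a later layer does not remove it from the image history.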