The page has been translated by Gen AI.

Manage Image Security Vulnerabilities

With the image security vulnerability scanning feature, you can manually or automatically scan images stored in Container Registry for OS package security vulnerabilities and for Secrets contained in the images. Based on the scan results, users can identify and remove known vulnerabilities (CVE) and Secrets, preventing the use of insecure images.

Vulnerability assessment support information

Supported OS

  • The vulnerability scanning feature supports checking libraries installed via the package manager on the following operating systems.
Supported OS
Ubuntu
CentOS
Oracle
Debian
Alpine
AlmaLinux
AWS Linux
Rocky Linux
RHEL
SUSE
VMware Photon
Table. Supported OS Types

Supported Language

  • The vulnerability assessment feature supports checks for the following languages.
Supported Language
Python
PHP
Node.js
.NET
Go
Table. Supported Language Types I (Libraries installed via Language package manager)
Supported Language
Java
Table. Supported Language Types II (Libraries identified based on pom.properties and MANIFEST.MF files contained in jar, war, par, ear type files)

Supported Secret

  • The vulnerability scanning feature supports the following types of Secrets contained in the image.
Supported Secret
AWS access key
GitHub personal access token
GitLab personal access token
Asymmetric Private Key
Table. Supported Secret Types

Checking image security vulnerabilities (manual)

To check image security vulnerabilities, follow the steps below.

  1. Click the All Services > Container > Container Registry menu. You will be taken to the Service Home page of Container Registry.
  2. On the Service Home page, click the Image menu. You will be taken to the Image List page.
  3. Click the Settings icon at the top of the Image List page and select the Registry name and Repository name where the Image you want to view in detail is stored.
  4. On the Image List page, click the resource (Image) to check for security vulnerabilities. You will be taken to the Image Details page.
    • On the Image Details page, click the Tags tab to the right of the detailed information tab at the top of the page. You will be taken to the Tags tab page.
  5. On the Tags tab page, click the More button located at the far right of the tag you want to check for security vulnerabilities, then click Vulnerability Check.
  6. When the vulnerability check notification popup opens, click the Confirm button.
    • When the inspection starts, the message "Vulnerability assessment will be performed." is displayed.
    • When the inspection is finished, the Vulnerability Inspection Results item displays a summary of the inspection results and a View Results button. Clicking the View Results button opens a popup that shows detailed analysis of Vulnerabilities by Image Digest (Tags).
      Reference
      • Click the View Results button to see the detailed vulnerability analysis results for the image tag.
        • After a vulnerability scan, if a red exclamation mark icon (!) appears in the scan date/time field, it means the vulnerability scan list for the Container Registry service has been updated. Click Vulnerability Scan to re‑scan, as new vulnerability items need to be checked for the image Digest (Tags).

View Image Security Vulnerability Scan Results

To view the vulnerability assessment results, follow these steps.

  1. Click the All Services > Container > Container Registry menu. You will be taken to the Service Home page of Container Registry.
  2. On the Service Home page, click the Image menu. You will be taken to the Image List page.
  3. Click the Settings icon at the top of the Image List page and select the Registry name and Repository name where the Image to be inspected is stored.
  4. On the Image List page, click the resource (Image) to check for security vulnerabilities. You will be taken to the Image Details page.
    • On the Image Details page, click the Tags tab on the right side of the detailed information tab at the top of the page. You will be taken to the Tags tab page.
  5. On the Tags tab page, click the View Results button of the Vulnerability Check Result item for the tag whose vulnerability check results you want to view.
  6. Check the results in the Image Tags Vulnerabilities popup window that displays the detailed analysis results.

View inspection results by vulnerability

On the Vulnerabilities tab of the Image Tag Vulnerabilities detail page, you can view the image security vulnerability assessment results for each vulnerability.

Item | Detailed description
Vulnerability Assessment | Vulnerability check button
  • When the button is clicked, the vulnerability check starts
  • However, if the tag status is Inactive, the vulnerability check button is not enabled
Inspection date and time | Vulnerability assessment date and time
Distribution | OS name and version of the image Digest (Tags) under inspection
  • Refer to the supported OS list
Total number of vulnerabilities | Summary of vulnerability assessment results
  • The total number of detected vulnerabilities and the count of vulnerabilities by severity are displayed as a graph
  • Vulnerabilities are classified into six severity levels (Critical, High, Medium, Low, Negligible, Unknown)
Table. Summary of Vulnerability Inspection Results

In the Vulnerability tab, you can view the list of all discovered vulnerabilities.

Item | Detailed description
CVE | External links to verify the detected vulnerability ID (CVE ID) and detailed information about the vulnerability
  • CVE (Common Vulnerabilities and Exposures)
Severity | Severity of detected vulnerabilities
CVSS | CVSS (Common Vulnerability Scoring System) based vulnerability score
Category | Inspection target type of detected vulnerabilities
  • OS packages or Language packages are displayed
OS/Language | OS or Language package type of the detected vulnerability
  • Refer to the list of supported OSes and supported Languages
Package | Package name with the discovered vulnerability
Current version | Current version of the package with the vulnerability (vulnerable version)
Revised version | Version of the package with the vulnerability fixed
Whether to edit | Whether a version with the vulnerability fixed exists for the package with the discovered vulnerability (whether a vulnerability patch version exists)
Expand button | View vulnerability detailed information
  • When you click the Expand button, detailed information about the vulnerability is displayed at the bottom
  • You can view the Description and Vectors results for the vulnerability. Detailed explanations for each Vector value are provided via tooltips.
  • Detailed information opened with the Expand button can be closed by clicking the Collapse button.
Table. Vulnerability List Items

View inspection results by package

On the Image Tag Vulnerabilities detail page, clicking the Package tab navigates to the package-specific vulnerability page. In the Package tab, you can view the image security vulnerability assessment results by package.

Item | Detailed description
Vulnerability Assessment | Vulnerability assessment button
  • When the button is clicked, the vulnerability assessment starts
  • However, if the tag status is Inactive, the vulnerability assessment button is not enabled
Inspection date and time | Vulnerability assessment date and time
Distribution | OS name and version of the image Digest (Tags) to be inspected
  • Refer to the supported OS list
Total number of packages | Overall package information summary
  • The total number of discovered packages and the number of packages based on vulnerability presence are displayed as a graph
Table. Summary Items of Package Vulnerability Inspection Results

In the Package tab, you can view the full list of packages and the lists of packages with detected vulnerabilities and without detected vulnerabilities.

Item | Detailed description
Category | Type of discovered package
  • OS package or Language package is displayed
OS/Language | Detailed OS or Language type of the discovered package
  • Refer to the list of supported OSes and supported languages
Package | Detected package name
Version | Current version of the package
Vulnerability assessment results | Summary of the number of vulnerabilities contained in the package
Type | OS or language type and details of the discovered package
Table. Package list items

Check inspection results by secret unit

On the Image Tag Vulnerabilities detail page, clicking the Secret tab takes you to the vulnerability page for each secret. You can view the image security vulnerability assessment results by secret.

Item | Detailed description
Vulnerability Assessment | Vulnerability check button
  • When the button is clicked, the vulnerability check starts
  • However, if the tag status is Inactive, the Vulnerability Check button is not activated
Inspection date and time | Vulnerability assessment date and time
Distribution | OS name and version of the image Digest (Tags)
  • Refer to the supported OS list
Total number of vulnerabilities | Vulnerability Result Summary
  • The total number of detected vulnerabilities and the count per severity are displayed as a graph
  • Vulnerabilities are classified into six levels based on severity (Critical, High, Medium, Low, Negligible, Unknown)
Table. Summary of Secret Vulnerability Inspection Results

In the Secrets tab, you can view the complete list of secret files, as well as the lists of files with detected vulnerabilities and files without detected vulnerabilities.

Item | Detailed description
File | File name of detected secret
Category | Detected secret type
  • Refer to the supported secret list
Severity | Detected secret severity
Match | Secret match information in the detected file
Table. Secret List Items
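
The supported Secret types and the File, Category and Match columns above can also be checked locally before an image is built and pushed. The following is an added example, not code from the Container Registry service: the patterns are widely published token formats and are an assumption here (the service's own detection rules are not documented on this page), the function names are hypothetical, and no Severity is assigned because the page does not state how the service rates each type.

```python
import re
import sys
from pathlib import Path

# Widely published token formats (assumed; the registry's own rules are not
# documented on this page). Keys mirror the page's Supported Secret Types.
END = r"(?![A-Za-z0-9_-])"
SECRET_RULES = {
    "AWS access key": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "GitHub personal access token": re.compile(
        r"\b(?:ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})" + END),
    "GitLab personal access token": re.compile(r"\bglpat-[A-Za-z0-9_-]{20}" + END),
    "Asymmetric Private Key": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
}


def redact(value: str, keep: int = 8) -> str:
    """Keep a short prefix so the report does not itself leak the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan_text(name: str, text: str) -> list[dict]:
    """Return one finding (file, line, category, match) per rule hit in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, rule in SECRET_RULES.items():
            for hit in rule.finditer(line):
                findings.append({"file": name, "line": lineno,
                                 "category": category, "match": redact(hit.group())})
    return findings


def scan_tree(root: str, max_bytes: int = 1_000_000) -> list[dict]:
    """Scan every regular file under root (the image build context)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file() or path.stat().st_size > max_bytes:
            continue  # skip links, directories and large binaries
        text = path.read_bytes().decode("utf-8", errors="replace")
        findings.extend(scan_text(str(path.relative_to(root)), text))
    return findings


if __name__ == "__main__":
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for f in results:
        print(f"{f['file']}:{f['line']}  {f['category']}  {f['match']}")
    sys.exit(1 if results else 0)
```

Run against the build context directory, the script exits non-zero when any finding is reported, so it can serve as a check before the image is pushed and scanned in Container Registry.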