To ensure the security of a cloud-native supply chain, you need to purchase a CSG instance, perform security scanning, view access statistics and attack protection records through the dashboard, and learn the security status of the service.
Step I: Purchasing a CSG Instance
For details, see Purchasing CSG.
Step II: Installing a Sever/Agent
For details, see Installing a Sever/Agent.
Step III: Scanning Images
1. Log in to the CSG Console.Select Image security > Image management on the left navigation bar. You can perform security scanning for the repository image and node image on the Image management page.
2. Go to the Registry management page, click"New Registry", and add an image repository.
3. Scan the node image.
a. Go to the node image page, click"Update image" and obtain the repository image data.
b. Click"Scan image" to perform a security scanning of the image.
4. Scan the repository image.
a. Go to the Image security page, click"“Update image"", and obtain the repository image data.
b. Click"Scan image" to perform a security scanning of the image.
5. Select Image security > Policy Management on the left navigation bar and go to the page to configure the image policy, vulnerability, file, and software package rule to prevent risks from flowing into the supply chain.
6. Select Image security > Image settings on the left navigation bar and go to the page to configure the image scanning rule, historical image retention time, and periodic scanning rule.
Step IV: Viewing Event Reports
After the protection policy is configured for an image, the protection event information is recorded, including alarm name, alarm level, alarm type, cluster name, affected node/repository, image name, status, first discovery time, last discovery time, etc.
1. Log in to the CSG Console.
2. Select Alarm > Image alarm on the left navigation bar.
3. You can view image alarm records in the alarm list.
4. Click"Handle" on the list operation column to select how to process the event, such as Mark as resolved, Join the whitelist, and Image blocking. You click"Mark as resolved" at the top right of the list for batch disposal of alarms reported by mistake.