1. Log in to the CSG Console.
2. On the left navigation bar, select Image security > Image management to go to the Image management page.
3. On the left side of the registry image page, you can filter and view by registry > registry name. Click the 
button between the tree structure and the image list to fold the tree structure.
4. The top of the repository image list summarizes the total number of vulnerabilities in the current repository or project and classified statistics based on high-, medium-, and low-risk levels and different risk characteristics. The statistical results change correspondingly based on the change in the selection on the left tree structure. Click the category of images you want to view, and the image list conducts filtering and query based on the condition you click.
5. In the repository image list, you can filter and query by image name, image ID, image version, software name, software version, vulnerability number, blocking policy, risk level, and security issue.
6. The parameters in the repository image list are described as follows:
Parameter | Description |
Image Name | The name of the image, usually in the format of repository name or project name/image name. |
Image Version | Serves as the tag information of the image, which can distinguish images with the same name. |
Operating System | The system type of the base image for building the image. |
Source Repository | Obtains the source repository name for the image. |
Blocking Policy | Divided into Blocked and Passed, which displays the processing results after image scanning. When an image has a risk issue, the risk can be handled by blocking. |
Risk Level | The risk levels include high risk, moderate risk, low risk, unknown (scanning failure), unscanned, and safe. |
Security Issue | The security issues include: vulnerabilities, ransomware, vulnerabilities requiring special focus, Trojan horse viruses, custom exception files, risk files, custom exception software versions, disallowed software licenses, custom exception environment variables, untrusted images, unknown, no security issues, non-automatic pushing images. |
Discovery Time | The time when the system first obtained the image. |
Viewing Node Images
1. Log in to the CSG Console.
2. On the left navigation bar, select Image security > Image management to go to the Image management page.
3. Select the node image tab to go to the node image page.
4. On the left side of the node image page, you can filter and view by Cluster name > Node name. Click the < button between the tree structure and the image list to fold the tree structure.
5. The top of the node image list summarizes the total number of vulnerabilities in the current cluster or node and classified statistics based on high-, medium-, and low-risk levels and different risk characteristics. The statistical results change correspondingly based on the change in the selection on the left tree structure. Click the category of images you want to view, and the image list conducts filtering and query based on the condition you click.
6. In the node image list, you can filter and query by image name, image ID, image version, software name, software version, vulnerability number, cluster name, node name, blocking policy, running status, risk level, and security issue.
The parameters in the node image list are described as follows:
Parameter | Description |
Image Name | The name of the image, usually in the format of repository name or project name/image name. |
Image Version | Serves as the tag information of the image, which can distinguish images with the same name. |
Operating System | The system type of the base image for building the image. |
Cluster Name | The name of the cluster where the image is located. |
Node Name | The name of the node where the image is located. |
Blocking Policy | Divided into Blocked and Passed, which displays the processing results after image scanning. When an image has a risk issue, the risk can be handled by blocking. |
Running Status | The running status of the image-associated container, which is divided into running, stopped, and not running. |
Risk Level | The risk levels include high risk, moderate risk, low risk, unknown (scanning failure), unscanned, and safe. |
Security Issue | The security issues include: vulnerabilities, ransomware, vulnerabilities requiring special focus, Trojan horse viruses, custom exception files, risk files, custom exception software versions, disallowed software licenses, custom exception environment variables, untrusted images, unknown, and no security issues. |
Discovery Time | The time when the image was first updated. |
Viewing Image Details
1. Log in to the CSG Console.
2. On the left navigation bar, select Image security > Image management to go to the Image management page.
3. Select the registry image or node image tab to go to the corresponding image list page.
4. Click image name in the image list, and go to the details page to view the basic information, associated information, vulnerabilities, software, files, environment variables, security traceability, and other related information of the image.
Viewing the Image Security Overview
On the summary page, you can view the basic information about images, risk scores, security issues, security policies for image hits, security suggestions, and other information.
Viewing Image-Associated Containers
On the related container page, you can view information about the container associated with the image, including the container name, the name of the pod where the container resides, the name of the cluster to which the container belongs, and the name of the node where the container runs.
Viewing Image Vulnerability Details
On the vulnerability page, you can view the vulnerability statistics of each risk level in the image. Click CVE in the vulnerability list to view detailed information of the vulnerability, including vulnerability introduction, vulnerability score, source information, etc.
Click"Hit security policy" on the detail page to view the security policy for vulnerability hits.
Click"Join the whitelist" in the details operation column to ignore this vulnerability. After the addition is complete, the vulnerabilities added to the trustlist are no longer displayed when scanning this image.
Viewing Image Software Information
On the Software page, you can view the relevant information about the software in the current image and the hitting policy in the software. In addition, you can add the software to the trustlist.
Click"Join the whitelist" to the right of the software list to mask security issues with the software. After the addition is complete, this software will not hit the security policy.
Viewing File Information in the Image
On the file page, you can view all the file information in the image and the file hit policy. In addition, you can add the file to the trustlist and download it locally.
To mask security issues with the file, click"Join the whitelist" in the file list operation column.
To download a file locally, click download in the file list operation column.
Click"File preview" in the file list operation column, and you can view the content of the file without downloading it.
Viewing Image Environment Variables
On the environment variables page, you can view all the environment variables in the image and the security policy for hitting environment variables.
Security Traceability
On the security tracing page, you can view the security risks introduced in the image building history and related information, including the ID of the image layer, building commands, introduced risk points, and operation time.
