Oracle Cloud Infrastructure Documentation

Container Image Scans

View container image scans in Oracle Cloud Infrastructure Vulnerability Scanning Service to identify security vulnerabilities in your Container Registry images, like critical OS patches.

Note

You can configure image scanning and view results using either:

At least one container image target must exist before any container image scans are created. See Container Image Targets.

The Vulnerability Scanning service creates a separate report for each container image that you added to the target configurations. The report has the same name as the image.

When a target is created, the Vulnerability Scanning service scans a specified initial number of images in the target repositories (one image by default). After this initial scan, the service also scans any new image that's pushed to the target.

The Vulnerability Scanning service saves the results for an image repository in the same compartment as the repository's Vulnerability Scanning target.

Consider the following example.

  • The repository MyRepo in Container Registry is in CompartmentA.
  • MyRepo is specified in Target1.
  • Target1 is in CompartmentB.
  • All reports related to MyRepo are in CompartmentB.

The Vulnerability Scanning service categorizes problems by these risk levels.

  • Critical- the most serious problems detected, which should be your highest priority to resolve.
  • High- the next most serious problems.
  • Medium- problems that are less serious.
  • Low- problems that are still less serious.
  • Minor- the least serious problems detected; they still need be resolved eventually, but can be your lowest priority.

This section contains the following topics: