TCSS and TCR/CCR are integrated by default to scan TCR and CCR images.
Note:
By default, TCSS requests TCR repository assets over the public network. If you enable access control for your repository instance, you need to add the service IP range to the allowlist before use or switch the network type. On the Repository Images page, click Operation Guide at the top to add the IP to the allowlist or switch to VPC as instructed.
During your first use, you need to manually update the repository image data. On the Repository Images page, click Data update in the top-right corner to update the data, which may take a long time the first time.
The backend will automatically update the repository image data between 0:00 AM and 3:00 AM every day.
Connecting to Harbor
1. Log in to the TCSS console and select Image Risk Control > Repository Images on the left sidebar.
2. On the Repository Images page, click Image repository management in the top-right corner.
3. In the image repository list, click Add image repository.
4. In the Add image repository pop-up window, configure parameters and click OK.
Parameters:
Parameter
Description
Instance name
Enter the image repository name, which is unique and cannot be left empty.
Repository type
Select a third-party image repository, which can be Harbor.
Version
Select the third-party image repository version, which can be:
V1: The image repository version of 1.X.X.
V2: The image repository version of 2.X.X or later.
Network type
Select the network access type of the third-party image repository, which can be Public network.
Region
Select the region of the third-party image repository, which is **Default region** for Harbor.
Address
Enter the access address of the third-party image repository.
Username
Enter the username for accessing the third-party image repository.
Password
Enter the password for accessing the third-party image repository.
Limit
Select the number of images that can be pulled synchronously every hour. Valid values: 5, 10, 20, 50, 100, 500, 1000, unlimited (default).
Validate remote certificates
Specify whether to verify the certificate of the remote image repository for image sync. If the repository uses a self-signed or non-trusted certificate, do not select this option. By default, this option is selected.
Enabling Data Scan
On the Repository Images page, the data scan module displays the number of images at risk, total number of images, and the numbers of vulnerabilities, viruses, trojans, and sensitive data pieces in the images after the last scan.
Enabling quick scan
1. On the Repository Images page, click Scan now on the right to get the latest image data or risk information.
2. On the Scanning settings page, select the Risk category and Images as needed.
Risk category: Vulnerabilities or Sensitive data.
Images: All images or Specified images. Click
or
to select or delete the target specified image.
Note:
You can press Shift to select multiple ones.
4. After selecting the target content, click Scan now.
Note:
After the scan starts, all images with the same ID as the selected image will be scanned at the same time.
Enabling scheduled scan
1. On the Repository Images page, click Scheduled scan settings on the right to specify whether to enable the scheduled scan feature.
2. On the Scheduled scan settings page, toggle on the On/Off switch and set the Frequency, Risk category, and Images as needed.
Frequency: It can be every day, every 7 days, every 15 days, every 30 days, or a specified time range.
Risk category: Click
to select Vulnerabilities, Sensitive data, or Virus & Trojan as needed.
Images: All images or Specified images. Click
or
to select or delete the target specified image.
Note:
You can press Shift to select multiple ones.
4. After selecting the target content, click Set or Cancel.
Viewing the List of Repository Images
Log in to the TCSS console and select Image Risk Control > Repository Images on the left sidebar.
Image licensing event
1. On the Repository Images page, click License.
2. In the pop-up window, click OK.
Note:
A license will be assigned to this image.
Filtering images
On the Repository Images page, filter images as follows:
Click the scanning status drop-down list to filter images by scanning status.
Click the security status drop-down list to filter images by security status.
Click the repository type drop-down list to filter images by repository type.
Click the licensing status drop-down list to filter images by licensing status.
Click the search box and search for images by keyword such as image name or image digest.
Exporting an image
On the Repository Images page, click
to select the target image repository and click
to export it.
Viewing the list details
On the Repository Images page, click Details to display the drawer on the right, which displays the image risk information, details, and list of vulnerabilities.
Note:
Image risk: It indicates whether the image scan is successful and the numbers of vulnerabilities, viruses, trojans, and sensitive data pieces.
Image details: It includes the image name, image digest, and image size.
Vulnerability list: You can filter image security vulnerability events by vulnerability severity or search for them by vulnerability name. Click View details to view the vulnerability details and fix suggestion.
Virus and trojan list: You can filter image security events by virus or trojan severity or search for them by filename. Click View details to view the virus or trojan details and suggestion.
Sensitive data list: You can filter security events by sensitive data severity, name, or type.
Image build history: It logs the image build history.
Image scanning
1. On the Repository Images page, click Scan now > OK to scan an image in "Not scanned" status.
2. On the Repository Images page, click Cancel scanning to cancel scanning an image in "Scanning" status.
Note:
Click
to select multiple images and click Cancel scanning next to ② to batch cancel them.
3. On the Repository Images page, click Scan again after the previous scan task ends to scan the image again.
Note:
Click
to select multiple images and click Scan again next to ② to batch scan them again.
Custom list management
1. On the Repository Images page, click
to pop up the Custom List Management window.
2. In the pop-up window, select the target type and click OK.
Fields in the list
1. Image repository address: Source address of the repository image.
2. Repository type: Type of the image repository, which can be TCR or CCR.
3. Image version: Tag of the repository image.
4. Last scanned: The time of the last scan.
5. Risks: Type of the risks to the container.
6. Status: Container scanning status, which can be Scanned, Not scanned, Scanning, Cancelled, or Scan exception.
Note:
We recommend you scan again in case of an exception.
Yes
No
Was this page helpful?