Containers
Manage containers by following the guidelines below.
Vulnerability Scanning Process
All container images submitted for listing on the Oracle Cloud Marketplace are automatically scanned by Oracle's Vulnerability Scanning Service. This means that partners do not need to perform the scan themselves.
Approval Criteria
Container images that contain high or critical risk level vulnerabilities will be automatically blocked from approval. Only images that are free of high and critical risk vulnerabilities will be considered for listing on the Marketplace.
Optional Partner Scanning
Although not required, partners have the option to scan their images before submission. This allows them to obtain a report on potential vulnerabilities categorized by risk level and proactively address any issues before submitting the images for Marketplace approval. If partners choose to scan their images, they can use the Oracle Cloud Infrastructure Vulnerability Scanning service.
Understanding Risk Levels
- Critical (highest priority)
- High
- Medium
- Low
- Minor (lowest priority)
Best Practices for Partners
Partners are encouraged to regularly update their container images with the latest security patches and to follow secure coding and configuration practices when building their containers. If an image is blocked due to vulnerabilities, partners should review the vulnerability report provided by the Vulnerability Scanning service, address all high and critical risk issues, and resubmit the updated image for approval.