Oracle Cloud Infrastructure Documentation

Listing Container Image Scans

List potential OS vulnerabilities detected on a specific image in Container Registry.

Oracle uses common vulnerabilities and exposures (CVE) numbers to identify security vulnerabilities for operating systems and other software, including critical patch updates and security alert advisories. CVE numbers are unique, common identifiers for publicly known information about security vulnerabilities. View Qualys IDs (QIDs) in the Vulnerability Scanning service user interface.

The results of a container image scan include the specific vulnerabilities in the CVE database that were detected in the image.

Each image in Container Registry is identified by the following information.

  • Image tag- A string used to refer to a particular image in a repository.

    Examples: 4.6.3, version2.0.test

  • Image path- The fully qualified path to the image, including the repository name and image tag.

    Example: us-phoenix-1.ocir.io/mytenancy/myrepo:version2.0.test

    1. Open the navigation menu  and select Identity & Security. Under Scanning, select Scanning Reports.
    2. To view the image scan reports in a different compartment, use the Compartment filter to switch compartments.

      You must have permission to work in a compartment to see the resources in it. If you're not sure which compartment to use, contact an administrator. For more information, see Understanding Compartments.

    Filtering List Results

    Use filters to limit the <resourceTypes> in the list. Perform one of the following actions depending on the options that you see:

    • Select a value in Risk level.
    • Select dates in Scan start date and Scan end date:
      • By default, only the most recent scan reports are displayed. To view older reports, select specific start and end dates.
      • Or, select Scan start date and select either Past 7 Days or Past 30 Days.
      • Select Reset at any time to set the risk level and date ranges back to the default values.
    • On the left side of the list page, select a value from one of the available filters, such as compartment, state, or tags.

    Change the order of the items in the list table by using the sort icons next to the column names.

    Actions

    In the list table, select the name of a scan reports to open its details page, where you can view its status and perform other tasks.

    To perform an action on a scan reports directly from the list table, select any of the following options from the Actions menu (Actions Menu) in the row for that report:

  • Use the oci vulnerability-scanning container scan result list command and required parameters to retrieve a list of container scan results in a compartment:

    oci vulnerability-scanning container scan result list --compartment-id <compartment_ocid>

    For example:

    oci vulnerability-scanning container scan result list --compartment-id ocid1.compartment.oc1..exampleuniqueID

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the ListContainerScanResults operation to retrieve a list of container scan results in a compartment.