Getting a Container Image's Report Details

View details about potential OS vulnerabilities that were detected on a specific image in Container Registry.

Oracle uses common vulnerabilities and exposures (CVE) numbers to identify security vulnerabilities for operating systems and other software, including critical patch updates and security alert advisories. CVE numbers are unique, common identifiers for publicly known information about security vulnerabilities. View Qualys IDs (QIDs) in the Vulnerability Scanning service user interface.

The results of a container image scan include the specific vulnerabilities in the CVE database that were detected in the image.

Each image in Container Registry is identified by the following information.

  • Image tag - A string used to refer to a particular image in a repository. For example, 4.6.3 or version2.0.test.
  • Image path - The fully qualified path to the image, including the repository name and image tag. For example, us-phoenix-1.ocir.io/mytenancy/myrepo:version2.0.test
  • To view the results of container image scans, use the following steps:

    1. Open the navigation menu and click Identity & Security. Under Scanning, click Scanning Reports.
    2. Select the compartment in which you created the target.
    3. Click the Container images tab.
    4. (Optional) Filter the table of reports by selecting a value in Risk level.
    5. (Optional) Select dates in Scan start date and Scan end date.

      By default, only the most recent scan reports are displayed. To view older reports, choose specific start and end dates.

      Or, click Scan start date and click either Past 7 Days or Past 30 Days.

      Click Reset at any time to set the risk level and date ranges back to the default values.

    6. (Optional) Click the table columns to sort the container image scans.
    7. To view the details for a container image scan, click its name.

      The following details are shown for each issue detected in this image:

      • Issue ID
      • Risk level
      • Issue description
      • Last detected
      • First detected
      • Cause and remediation
    8. Click Issue ID to view more details about a specific vulnerability.

    You can also use vulnerabilities reports to browse all vulnerabilities that the Vulnerability Scanning service detected.

  • Use the oci vulnerability-scanning container scan result get command and required parameters to retrieve a container scan result identified by the container scan ID:

    oci vulnerability-scanning container scan result get [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the GetContainerScanResult operation to retrieve a container scan result identified by the container scan ID:
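
Added example, not part of Oracle's documentation: a triage of the JSON saved from the CLI command above, which lists the detected issues at or above a chosen risk level and produces a pass/fail status for a pipeline step. The JSON key names, the risk level values and the sample report are assumptions constructed for illustration; check them against real output before relying on them.

```python
import json

# Constructed sample shaped like saved CLI output. The key names ("data",
# "problems", "name", "severity", "time-first-detected") are assumptions,
# and the CVE-0000-* issue IDs are placeholders.
SAMPLE = """
{"data": {"repository": "myrepo", "image": "version2.0.test", "problems": [
  {"name": "CVE-0000-0001", "severity": "LOW",
   "time-first-detected": "2024-01-10T08:00:00+00:00"},
  {"name": "CVE-0000-0002", "severity": "CRITICAL",
   "time-first-detected": "2024-02-01T08:00:00+00:00"},
  {"name": "CVE-0000-0003", "severity": "HIGH",
   "time-first-detected": "2024-01-05T08:00:00+00:00"},
  {"name": "CVE-0000-0004",
   "time-first-detected": "2024-03-01T08:00:00+00:00"}
]}}
"""

# Assumed risk levels, lowest to highest.
RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def triage(cli_json, threshold="HIGH"):
    """Return issues at or above threshold: worst first, then oldest first."""
    if threshold not in RANK:
        raise ValueError(f"unknown risk level: {threshold}")
    problems = json.loads(cli_json).get("data", {}).get("problems") or []
    hits = []
    for p in problems:
        sev = str(p.get("severity", "")).upper()
        # A missing or unrecognised risk level is treated as the worst case
        # so that a malformed entry cannot slip past the gate.
        rank = RANK.get(sev, max(RANK.values()))
        if rank >= RANK[threshold]:
            # Timestamps in one ISO 8601 form and offset sort as strings.
            hits.append((rank, p.get("time-first-detected", ""), p))
    hits.sort(key=lambda h: (-h[0], h[1]))
    return [h[2] for h in hits]


def gate(cli_json, threshold="HIGH"):
    """Exit status for a pipeline step: 1 if any issue meets the threshold."""
    return 1 if triage(cli_json, threshold) else 0


if __name__ == "__main__":
    for p in triage(SAMPLE):
        print(p.get("severity", "UNKNOWN"), p["name"], p["time-first-detected"])
    raise SystemExit(gate(SAMPLE))
```
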