Examining Images for Vulnerabilities

Alauda Security Service enables you to analyze container images for vulnerabilities by using the built-in Scanner V4. The scanner inspects image layers, identifies packages, and matches them against vulnerability databases from sources such as NVD, OSV, and OS-specific feeds.

When vulnerabilities are detected, Alauda Security Service:

  • Displays them in Vulnerability Management > Results
  • Ranks and highlights them for risk assessment
  • Checks them against enabled security policies

The scanner identifies installed components by inspecting specific files. If these files are missing, some vulnerabilities may not be detected. Required files include:

Component Type | Required Files
--- | ---
Package managers | /etc/alpine-release; /etc/lsb-release; /etc/os-release or /usr/lib/os-release; /etc/oracle-release; /etc/centos-release; /etc/redhat-release; /etc/system-release; other similar files
Language-level dependencies | package.json (JavaScript); dist-info/egg-info (Python); MANIFEST.MF (Java JAR)
Application-level dependencies | dotnet/shared/Microsoft.AspNetCore.App/; dotnet/shared/Microsoft.NETCore.App/
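As an added example (not Alauda code or documentation), the check below walks an extracted image filesystem and reports which of the component types in the table above have the files the scanner needs, so a clean scan result is not mistaken for proof that a component type was actually inspected. The fixture it builds is constructed, and the helper names (scanner_coverage, coverage_gaps, build_sample_rootfs, demo) are mine.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# OS-identification files from the required-files table (relative to the rootfs)
OS_RELEASE_FILES = ["etc/alpine-release", "etc/lsb-release", "etc/os-release",
                    "usr/lib/os-release", "etc/oracle-release", "etc/centos-release",
                    "etc/redhat-release", "etc/system-release"]
# .NET shared-framework directories from the same table
DOTNET_DIRS = ["dotnet/shared/Microsoft.AspNetCore.App",
               "dotnet/shared/Microsoft.NETCore.App"]

def scanner_coverage(rootfs):
    """Map each component type to the required files present under an extracted rootfs."""
    root = os.fspath(rootfs)
    found = {"javascript": [], "python": [], "java": []}
    found["os_packages"] = [p for p in OS_RELEASE_FILES if os.path.isfile(os.path.join(root, p))]
    found["dotnet"] = [p for p in DOTNET_DIRS if os.path.isdir(os.path.join(root, p))]
    for dirpath, dirnames, filenames in os.walk(root):
        rel = lambda name: os.path.relpath(os.path.join(dirpath, name), root)
        found["javascript"] += [rel(f) for f in filenames if f == "package.json"]
        found["python"] += [rel(d) for d in dirnames if d.endswith((".dist-info", ".egg-info"))]
        for f in filenames:  # MANIFEST.MF lives inside the archive, so open each JAR/WAR/EAR
            full = os.path.join(dirpath, f)
            if f.endswith((".jar", ".war", ".ear")) and zipfile.is_zipfile(full):
                with zipfile.ZipFile(full) as jar:
                    if "META-INF/MANIFEST.MF" in jar.namelist():
                        found["java"].append(rel(f))
    return {k: sorted(v) for k, v in found.items()}

def coverage_gaps(found):
    """Component types with no required file: the scanner cannot see them at all."""
    return sorted(k for k, v in found.items() if not v)

def build_sample_rootfs(base):
    """Constructed fixture, not a real image: Debian-style OS file, Node app, one dist-info, one JAR."""
    base = Path(base)
    (base / "etc").mkdir()
    (base / "etc/os-release").write_text('ID=debian\nVERSION_ID="12"\n')
    (base / "app").mkdir()
    (base / "app/package.json").write_text('{"name": "demo", "dependencies": {}}\n')
    (base / "usr/lib/python3/site-packages/requests-2.31.0.dist-info").mkdir(parents=True)
    with zipfile.ZipFile(base / "app/demo.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # build the fixture, return (found, gaps)
        build_sample_rootfs(tmp)
        found = scanner_coverage(tmp)
        return found, coverage_gaps(found)
```

For a real image, point scanner_coverage at a directory produced by unpacking `docker export` output; any type listed in the gaps is one the scanner will silently skip.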

Results Views

In the current UI, vulnerability findings are organized primarily through Vulnerability Management > Results. Common entry points include:

  • User Workloads
  • Platform
  • Nodes
  • More Views

Use these views to separate application images, platform components, and node-related findings during triage.

Scanner V4 Overview

Scanner V4 is the default scanner. It improves coverage for language-specific and OS-specific components and is used for the image scanning workflows described in this guide.

Scanner Workflow

Workflow Steps

  1. Central requests Scanner V4 Indexer to analyze images.
  2. Indexer pulls metadata and downloads layers.
  3. Indexer produces an index report.
  4. Matcher matches images to vulnerabilities and generates reports.

Common Scanner Warning Messages

Message | Description
--- | ---
Unable to retrieve the OS CVE data, only Language CVE data is available | Base OS not supported; no OS-level CVEs.
Stale OS CVE data | OS is end-of-life; data may be outdated.
Failed to get the base OS information | Scanner could not determine the base OS.
Failed to retrieve metadata from the registry | Registry unreachable or authentication failed.
Image out of scope for Red Hat Vulnerability Scanner Certification | Image is too old for certification.

Supported Platforms and Formats

Supported Linux Distributions

Distribution | Version
--- | ---
Alpine Linux | alpine:3.2 – alpine:3.21, alpine:edge
Amazon Linux | amzn:2018.03, amzn:2, amzn:2023
CentOS | centos:6, centos:7, centos:8
Debian | debian:11, debian:12, debian:unstable, Distroless
Oracle Linux | ol:5 – ol:9
Photon OS | photon:1.0 – photon:3.0
RHEL | rhel:6 – rhel:9
SUSE | sles:11 – sles:15, opensuse-leap:15.5, opensuse-leap:15.6
Ubuntu | ubuntu:14.04 – ubuntu:24.10

INFO

Some older Debian/Ubuntu versions are not updated by the vendor. Fedora is not supported for OS CVEs.

Supported Package Formats

Package Format | Package Managers
--- | ---
apk | apk
dpkg | apt; dpkg
rpm | dnf; microdnf; rpm; yum

Supported Programming Languages

Language | Package Format
--- | ---
Go | Binaries (analyzes stdlib and, if present, go.mod dependencies)
Java | JAR; WAR; EAR; JPI; HPI
JavaScript | package.json
Python | egg; wheel
Ruby | gem

Supported Container Image Layer Formats

Format | Scanner V4
--- | ---
No compression | Yes
bzip2 | Yes
gzip | Yes
xz | No
zstd | Yes

Active and Watched Images

Alauda Security Service scans all active images every 4 hours. You can also add inactive images to the watched image list so they continue to be scanned and tracked.

Steps:

  1. In the portal, go to Vulnerability Management > Results.
  2. Click More Views > Inactive images.
  3. Click Manage watched images and add or remove images as needed.

INFO

Data for removed images is retained for the configured period in System Configuration.

On-Demand Scanning

To retrieve scan results on demand, you can also use the CLI:

roxctl image scan --image=<image_name>

If delegated scanning is configured for a cluster, you can add --cluster=<cluster_name> to route the image scan request to that cluster.

Vulnerability Data Updates

In connected environments, Central fetches vulnerability definitions every 5 minutes from https://definitions.stackrox.io.

For disconnected environments, use the offline workflow described in Using Alauda Security Service in Offline Mode.