tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Container Security Service
    Documentation
    Download PDF

    Use Cases

    Last updated: 2024-01-23 15:35:06
    Download PDF

      Container image protection

      Images are vulnerable to application vulnerabilities, viruses, trojans, and sensitive information leakage. TCSS supports thorough image checks throughout the lifecycle from build and shipping to running. It can detect security risks to images and control image running. It also allows you to customize rules to protect images.
      

      Container escape attack detection

      Containers are poorly isolated, and attackers can utilize sensitive path mounting and vulnerabilities to escape to the host, which directly affects the confidentiality, integrity, and availability of the underlying infrastructure. TCSS supports detecting a variety of escapes, such as:
      Escape caused by the container running in privileged mode.
      Container escape caused by dangerous mounting (mounting of the Docker socket and proc file system of the host).
      Privilege escalation caused by the switch from a general account to a root account during the container process.
      Capability privilege escalation during the container process.
      Mount file namespace isolation broken during the container process.
      Blocklist limits broken by seccomp syscall during the container process.
      Modification of a host file not mounted to the container during the process (such as CVE-2019-5736).
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy