Tencent Container Security Service
Tencent Container Security Service provides rich security services to safeguard containers through their entire lifecycle from image generation and storage to runtime.
Features
Asset Management
Gives a full picture of your assets, including containers, images, image repositories, and servers.
Image Security
Scans images and repositories for vulnerabilities, trojans and viruses. You can also set up allowlists for trusted images.
Runtime Security
Identifies intrusion events and container escapes in real-time to protect container runtime security. Process blocklist/allowlist and file access control policies are supported.
Baseline Security
Checks assets according to baseline items for Docker and Kubernetes based on CIS Benchmarks, and provides professional solutions.
Low Resource Consumption
Connects to the service with a lightweight agent that well compatible with popular operating systems.
Scenarios
Container Image Security
Container Runtime Security
Scan images in repositories, and generate reports and trigger alerts when malicious images are detected.
Configure access policies to trigger alerts when malicious access requests are detected.
FAQs
What can I do with TCSS?
You can scan images and image repositories for security problems, including vulnerabilities, viruses, and sensitive information. For the security of container runtime, TCSS supports detection of container escapes, process allowlist/blocklist, and file access control. Operations logs are also provided to help you get a full image of the container security.
How do I monitor the container health?
Go to the TCSS console and select Security Operations from the left sidebar.
Does TCSS conflict with other security products?
No. Traditional server security products are designed for the north-south traffic and take effect for the operating system layer. TCSS identifies security problems in containers, allowing for the management of complicated container environments at a fine granularity.
How often is the vulnerability library of TCSS updated?
TCSS collects vulnerability intelligence from official sources in real time and updates the vulnerability library at a fixed time every day.
Can I use TCSS across regions?
No. TCSS is a region-specific service.