diff --git a/Security/config/image-scanning-config.yml b/Security/config/image-scanning-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7731396d89e7278182d0bc6233c55d8796a4d485
--- /dev/null
+++ b/Security/config/image-scanning-config.yml
@@ -0,0 +1,60 @@
+# 容器镜像安全漏洞扫描配置
+version: "1.0"
+scanner:
+ # 全局扫描配置
+ global:
+ # 默认扫描的镜像架构,优先级低于具体tag设置的arches
+ default_arches:
+ - linux/amd64
+ - linux/arm64
+ # 默认扫描周期,优先级低于具体tag设置的interval
+ default_interval: "24h" # 支持格式: 24h, 1d, 1w, 30m
+ # 扫描结果输出位置
+ output:
+ repo: "https://gitee.com/openeuler/openeuler-docker-images" # json/html/xml
+ path: "Security/reports"
+
+ # 批量扫描仓库
+repos:
+ - namespace: "openeuler"
+ registry: "quay.io"
+ images:
+ - redis # 批量扫描quay.io/openeuler/redis仓库下的所有tag
+ - postgres # 批量扫描quay.io/openeuler/postgres仓库下的所有tag
+ arches:
+ - linux/arm64
+
+# 精准扫描镜像
+images:
+ - image: "nginx"
+ tags:
+ - tag: "docker.io/openeuler/nginx:latest"
+ interval: "12h" # 覆盖全局默认值
+ arches:
+ - linux/arm64 # 指定扫描的架构
+
+ - tag: "quay.io/openeuler/nginx:1.27.2-oe2203sp4"
+ interval: "1d"
+
+ - image: "redis"
+ tags:
+ - tag: "docker.io/openeuler/redis:7.4.1-oe2203sp4" # 示例: 不活跃的扫描项
+ disable: true # 仅在出现disable为true时不会扫描此tag
+
+ # 使用全局扫描周期
+ - image: "postgres"
+ tags:
+ - tag: "hub.oepkgs.net/openeuler/postgres:17.5-oe2403sp1"
+
+# 通知配置(可选)
+notifications:
+ email:
+ enabled: true
+ recipients:
+ - "security@example.com"
+ smtp_server: "smtp.example.com:587"
+
+ slack:
+ enabled: false
+ webhook_url: ""
\ No newline at end of file
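Review bot: The `notifications` stanza at the end of the hunk puts a Slack `webhook_url` (and the SMTP endpoint) directly in a file committed to the repository; a Slack incoming-webhook URL is a bearer-equivalent secret, so the first person to fill in the empty string will leak it through VCS history. The file should document that these values are injected at runtime and never stored here, e.g. `webhook_url: ""  # 由运行环境注入(环境变量/密钥库),勿提交真实地址`, and the consuming tool should reject a non-empty literal URL if it can. Separately, `docker.io/openeuler/nginx:latest` is a floating tag, so a report keyed on that string cannot be tied to the exact image that was scanned; I would have the scanner record the resolved digest alongside the tag in the output, or note in the header comment that results for mutable tags are point-in-time only. The `repo` comment `# json/html/xml` also appears to belong to an output-format key that is not present in the hunk and is misleading next to a URL.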