Qualys Container Security Overview

Qualys Container Security provides discovery, tracking, and continuous protection of container environments. Using various sensors, it addresses vulnerability management and policy compliance for images and containers in the DevOps pipeline and in deployments across cloud and on-premises environments.

Qualys Container Security offers the following sensors, depending on your environment.

Build Environment

You use this environment to build your container images. Qualys offers the CI/CD Sensor and QScanner to identify vulnerabilities in your build environment.

  • CI/CD Sensor - It scans the CI/CD environment and provides a vulnerability report. Qualys Container Security offers the CI/CD Sensor as part of QCS Sensor.
  • QScanner - This sensor is a CLI that can be integrated into any CI/CD workflow, such as GitHub Actions, Jenkins, and so on, for vulnerability scanning of images. Shift-Left enforcement can be done via CI/CD policies (for example, don’t allow images to be built with Sev-5 Vulnerabilities). It is also capable of conducting Software Composition Analysis (SCA).
    To learn how QScanner works, refer to QScanner Online Help.

Registry Environment

Once developed, container images are mostly pushed to a Registry such as GHCR, OCR, and so on. Qualys Container Security offers the Registry Sensor as part of QCS Sensor.  

  • Registry Sensor - This sensor performs vulnerability, Zero-Day Malware, and Secret Scanning of images present in your registry. Scans from a registry can be propagated to running containers.

Production Environment

The following sensors support vulnerability scans on your production environment, which constitutes the clusters, hosts, pods, and containers. 

  • General Sensor - Scans the container images along with the containers. Qualys Container Security offers the General Sensor as part of QCS Sensor. 
  • Container Runtime Sensor - It tracks the file and process events happening in your containers, which are hosted on a cluster. Qualys supports runtime scans in the following environments.
    To learn more about Qualys Container Runtime Sensor, refer to Container Runtime Sensor Online Help.
  • Admission Controller - It is a security component designed to work within Kubernetes environments. It helps enforce security policies by validating container images before they are deployed into a Kubernetes cluster. 
    To learn more about Qualys Admission Controller, refer to Admission Controller Online Help.
  • Cluster Sensor - It collects the Kubernetes (K8s) Inventory data. This analysis can be used in many fields such as environmental monitoring, industrial automation, and smart infrastructure. 
    To learn more about Qualys Cluster Sensor, refer to Cluster Sensor Online Help.