Qualys Container Security Sensor

The Qualys Container Security sensor (qcs-sensor) is designed for native support of Docker environments. The sensor is packaged and delivered as a Docker Image. Download the image and deploy it as a Container alongside other application containers on the host.

The sensor is Docker-based and can be deployed on hosts in your data center or in cloud environments such as AWS ECS. The sensor is currently supported only on Linux Operating systems and requires a Docker daemon version 1.12 or higher to be available.

Since they are Docker-based, the sensor can be deployed into orchestration tool environments like Kubernetes, Mesos or Docker Swarm just like any other application container.

Upon installation, the sensor automatically discovers Images and Containers on the deployed host, provides a vulnerability analysis of them, and additionally monitors and reports on Docker-related events on the host. The sensor lists and scans registries for vulnerable images. The sensor also performs compliance assessments. The sensor container runs in non-privileged mode. It requires persistent storage for storing and caching files.

Currently, the sensor only scans Images and containers. To assess the vulnerability posture on the Host, you would need Qualys Cloud Agents or a scan using the Qualys Virtual Scanner Appliance.