Admission Controller 1.1.0

January 24, 2025 

Qualys strongly recommends upgrading your Qualys Admission Controller to version 1.1.0 to get the latest features and enhancements.

To learn more about Admission Controller, refer to the Qualys Container Security Online Help.
 

What’s New?

Support for Pod Security Policies for Admission Controller

With this release, Admission Controller introduces Pod Security Policies, which enforce compliance with organizational security standards. These policies let you:

  • Enhance isolation and security by blocking host process containers, shared namespaces, privileged containers, HostPath volumes, and host ports.
  • Reduce attack surface with secure configurations by limiting capabilities, enforcing default mounts, and preventing privilege escalation.
  • Strengthen protection with non-root containers and minimize risks of host-level vulnerabilities.

These policies simplify security enforcement while maintaining flexibility for development workflows.
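The following is an added example, not Qualys code and not the Admission Controller's own rule engine: a sketch of the pod-spec checks that the conditions listed above correspond to. The field names are standard Kubernetes Pod spec fields; the rule identifiers, the capability allow-list, and the sample manifests are assumptions constructed for illustration.

```python
# Added illustration, not Qualys code. Rule ids are hypothetical; field names
# are standard Kubernetes Pod spec fields.
ALLOWED_CAPS = {"NET_BIND_SERVICE"}  # assumed allow-list for added capabilities


def check_pod(pod):
    """Return sorted rule ids that a Pod manifest (parsed into a dict) violates."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    found = set()
    if any(spec.get(f) for f in ("hostNetwork", "hostPID", "hostIPC")):
        found.add("shared-host-namespace")
    if any(v.get("hostPath") for v in spec.get("volumes") or []):
        found.add("hostpath-volume")
    containers = []
    for key in ("containers", "initContainers", "ephemeralContainers"):
        containers += spec.get(key) or []
    for c in containers:
        sc = c.get("securityContext") or {}
        win = sc.get("windowsOptions") or pod_sc.get("windowsOptions") or {}
        if win.get("hostProcess"):
            found.add("host-process-container")
        if sc.get("privileged"):
            found.add("privileged-container")
        if any(p.get("hostPort") for p in c.get("ports") or []):
            found.add("host-port")
        if set((sc.get("capabilities") or {}).get("add") or []) - ALLOWED_CAPS:
            found.add("extra-capabilities")
        if sc.get("procMount", "Default") != "Default":
            found.add("non-default-proc-mount")
        # Privilege escalation stays possible unless explicitly set to false
        if sc.get("allowPrivilegeEscalation") is not False:
            found.add("privilege-escalation")
        # Container-level runAsNonRoot overrides the pod-level value
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.add("may-run-as-root")
    return sorted(found)


# Constructed sample manifests (not taken from any real cluster)
RISKY = {"spec": {"hostNetwork": True,
                  "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
                  "containers": [{"name": "app", "ports": [{"containerPort": 80, "hostPort": 80}],
                                  "securityContext": {"privileged": True,
                                                      "capabilities": {"add": ["SYS_ADMIN"]}}}]}}
HARDENED = {"spec": {"securityContext": {"runAsNonRoot": True},
                     "containers": [{"name": "app", "securityContext": {
                         "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}}]}}
```

Note that a manifest that simply omits `allowPrivilegeEscalation` and `runAsNonRoot` is flagged, because both protections have to be set explicitly.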

Support for Image Security Policies for Admission Controller

With this release, Image Security Policies ensure secure and compliant container images by:

  • Preventing deployment of images with vulnerabilities and embedded secrets to safeguard your environment. (Currently, blocking embedded secrets is supported exclusively through the Admission Controller.)
  • Strengthening security by limiting vulnerabilities by severity, CVSS, or QDS, and by blocking known issues by QID or CVE.
  • Maintaining compliance by enforcing detection score thresholds and restricting unauthorized or untrusted images and unauthorized installed software.

Support for Exclusions

Using this option, you can bypass rules to exempt trusted images or namespaces that match specific conditions. You can also exclude non-patchable or recently published vulnerabilities.

Change in Admission Review Requests

In forthcoming releases, admission review requests will be defined as 'Pass' or 'Fail'. Existing policy rules using 'Allow' actions will automatically be treated as 'Fail'. You should review and test your policies to ensure compliance and avoid disruptions.

 

To understand the Admission Controller Centralized Policy Management update affecting the Enterprise TruRisk™ Platform, refer to the Container Security 1.36 Release Notes.