Welcome to

Container Security Help

Qualys Container Security (CS) provides continuous visibility, vulnerability management, and compliance monitoring for containerized environments across the build, deploy, and runtime stages.

Overview

Qualys Container Security provides comprehensive lifecycle protection for containerized environments—from image build to deployment and runtime—using native sensors and the Qualys Enterprise TruRisk™ Platform. It provides continuous discovery, inventory tracking, and real-time vulnerability and compliance assessments for container images, registries, and active containers. With support for CI/CD integration, it enables 'shift-left' enforcement through image scanning and admission controls before deployment. In runtime, it monitors file and process events, detects malware and secrets, and enforces policy-driven security across Kubernetes and Docker environments.

Qualys Container Security Overview

Key Features

Continuous Vulnerability and Risk Assessment

⟳

Discover and scan containers and images across Kubernetes, Docker, registries, and CI/CD for vulnerabilities, malware, secrets, and SBOM—prioritizing risks in active workloads.

Learn More →

Proactive Risk Prioritization with Attack Path Analysis

⟳

Combine Attack Path Exposure with TruRisk scoring to focus on the most critical risk combinations. Use dynamic container tagging for resilience at scale.

Learn More →

Image Layer Vulnerabilities and Remediation

⟳

Link OS, base image, and open-source package issues to application layers for developer or SecOps ownership. Automate remediation with ServiceNow integration.

Learn More →

Admission Controls and Shift-Left Guardrails

⟳

Enforce security early with Admission Controller and CI/CD policies to block unsafe images and configurations before production.

Learn More →

Continuous Kubernetes Security Posture Management (KSPM)

⟳

Secure Kubernetes (EKS, AKS, GKE, OpenShift) by uncovering API, RBAC, and network gaps. Continuously monitor sensitive file access with integrated FIM for PCI 4.0.

Learn More →

CS Journey

Follow the Container Security Journey to understand how automated assessments and seamless script execution work.

1

Discover & Inventory

Discover container images, registries, and running containers, and build a complete inventory for full visibility and tracking.
2

Assess & Scan

Scan images for vulnerabilities, misconfigurations, malware, secrets, and SBOM.
3

Prioritize & Enforce

Prioritize critical risks with TruRiskâ„¢ scoring and enforce security by blocking unsafe images through admission controls before deployment.
4

Monitor Runtime

Continuously monitor containers for anomalies and policy drift, while detecting threats and enforcing compliance across Kubernetes and Docker environments.
5

Remediate & Report

Automate remediation workflows with ServiceNow integration and generate compliance reports for audits and governance.

Get Started

Prerequisites

Before using CS, ensure the application is enabled for your subscription and the required Qualys Cloud Agent version is installed for Windows or Linux.

Learn More →

Role-based Access Control (RBAC)

The Qualys Container Security application uses a Role Based Access Control (RBAC) model to control access to Container Security features.

Learn More →

Sensor Configuration and Installation

The Qualys Container Security offers various sensors which allow you to scan your environments.

Learn More →

CS APIs

Get started with CS APIs to automate custom workflows and integrations.

Learn More →

Ready to Get Started with CS?

Begin your journey with Qualys Container Security. Learn how to scan your containers.

Get Started Now →

Looking for something else?

Get the most out of your Qualys Container Security with these helpful resources.

Training Videos KnowledgeBase Articles Blogs Support Product Tours