Compliance Scanning in Container Security
Qualys supports compliance scanning and assessment of running containers and container images. You can run Policy Compliance (PC) checks and configuration assessments against both. The supported controls are a subset of the CIS Docker Benchmark, limited to those that apply to running containers and container images (host-level Docker daemon controls are out of scope). Use the findings to assess configuration risk in your containers and images and to remediate it.
Prerequisites
Upgrade your sensors to the latest Container Security Sensor version. See the Qualys Release Notes for the latest sensor details.
How it works
The updated Qualys Container Sensor runs an additional scan of the configuration of containers and images and uploads the resulting scan metadata to the Qualys backend. The backend then evaluates that metadata against the supported industry-standard benchmarks and controls to produce the compliance assessment.
Compliance scans of containers and images are transparent to customers and run in the same real-time, cloud-native manner as vulnerability scanning. The configuration scan results are available in the UI and through the API. In the UI, open the Image or Container details to see the compliance posture (PASS or FAIL) of each control along with the control information.
View compliance information
You'll see compliance information in the UI for your images and containers. In the Images and Containers lists, you'll see a column called Compliance with the number of controls that have a posture of PASS and FAIL.
Search images and containers by control ID, control criticality (MINIMAL, MEDIUM, SERIOUS, CRITICAL, URGENT) and control posture (PASS, FAIL).
Drill down into the details for any image or container to see compliance information, including the list of controls that were scanned with control details (CID, criticality, statement, category, technologies).
Drill down into the details for any control to get control details, including the control category, policy and technologies.
Compliance APIs
Compliance information can also be fetched using Compliance APIs. Use APIs to:
- fetch compliance posture for an image
- fetch compliance posture for a container
- fetch control details
- fetch a list of controls
See the Compliance section of the Container Security API Guide for more information.
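The posture data returned for an image or container (a list of controls, each with a CID, criticality, posture, statement, category and technologies) is what a build or admission gate consumes. The following is an added example, not Qualys code and not the documented API schema: it parses a constructed response in that shape, summarises PASS/FAIL counts, mirrors the UI's search by CID, criticality and posture, and fails a gate when any control at or above a chosen criticality has posture FAIL. The field names (`imageId`, `controls`, `cid`, `criticality`, `posture`) are assumptions; check the Container Security API Guide for the real response format before wiring this to the API.

```python
"""Added example (not Qualys code): summarise and gate on compliance posture.

The response shape below is an ASSUMPTION modelled on the fields the UI shows
(CID, criticality, posture, statement, category, technologies). Verify the
real schema in the Container Security API Guide before using this for real.
"""
import json
from collections import Counter

# Criticality levels as the UI lists them, lowest to highest.
CRITICALITIES = ["MINIMAL", "MEDIUM", "SERIOUS", "CRITICAL", "URGENT"]
POSTURES = {"PASS", "FAIL"}

# Constructed sample response; CIDs, statements and categories are illustrative only.
SAMPLE_RESPONSE = json.dumps({
    "imageId": "example-image",
    "controls": [
        {"cid": 1001, "criticality": "URGENT", "posture": "FAIL",
         "statement": "Example control 1001", "category": "Access Control", "technologies": ["Docker"]},
        {"cid": 1002, "criticality": "CRITICAL", "posture": "PASS",
         "statement": "Example control 1002", "category": "Access Control", "technologies": ["Docker"]},
        {"cid": 1003, "criticality": "SERIOUS", "posture": "FAIL",
         "statement": "Example control 1003", "category": "Logging", "technologies": ["Docker"]},
        {"cid": 1004, "criticality": "MEDIUM", "posture": "PASS",
         "statement": "Example control 1004", "category": "Logging", "technologies": ["Docker"]},
        {"cid": 1005, "criticality": "MINIMAL", "posture": "FAIL",
         "statement": "Example control 1005", "category": "Hardening", "technologies": ["Docker"]},
        {"cid": 1006, "criticality": "CRITICAL", "posture": "FAIL",
         "statement": "Example control 1006", "category": "Hardening", "technologies": ["Docker"]},
    ],
})


def parse_controls(raw):
    """Parse a JSON response body; reject unknown criticality/posture values
    rather than silently treating them as passing."""
    data = json.loads(raw)
    controls = []
    for c in data.get("controls", []):
        crit = str(c.get("criticality", "")).upper()
        posture = str(c.get("posture", "")).upper()
        if crit not in CRITICALITIES:
            raise ValueError(f"control {c.get('cid')}: unknown criticality {crit!r}")
        if posture not in POSTURES:
            raise ValueError(f"control {c.get('cid')}: unknown posture {posture!r}")
        controls.append({**c, "criticality": crit, "posture": posture})
    return controls


def summarize(controls):
    """PASS/FAIL totals (as in the Compliance column) plus FAILs by criticality."""
    by_posture = Counter(c["posture"] for c in controls)
    fails = Counter(c["criticality"] for c in controls if c["posture"] == "FAIL")
    return {
        "PASS": by_posture["PASS"],
        "FAIL": by_posture["FAIL"],
        "failed_by_criticality": {k: fails[k] for k in CRITICALITIES if fails[k]},
    }


def search(controls, cid=None, criticality=None, posture=None):
    """Filter controls the way the UI search does; returns matching CIDs in order."""
    return [
        c["cid"] for c in controls
        if (cid is None or c["cid"] == cid)
        and (criticality is None or c["criticality"] == criticality.upper())
        and (posture is None or c["posture"] == posture.upper())
    ]


def gate(controls, threshold="CRITICAL"):
    """Return (ok, offending_cids). ok is False when any control at or above
    `threshold` criticality has posture FAIL; offenders are listed most severe first."""
    floor = CRITICALITIES.index(threshold.upper())
    offenders = [
        c for c in controls
        if c["posture"] == "FAIL" and CRITICALITIES.index(c["criticality"]) >= floor
    ]
    offenders.sort(key=lambda c: (-CRITICALITIES.index(c["criticality"]), c["cid"]))
    return (not offenders, [c["cid"] for c in offenders])


if __name__ == "__main__":
    controls = parse_controls(SAMPLE_RESPONSE)
    print(summarize(controls))
    ok, cids = gate(controls, "CRITICAL")
    print("gate:", "PASS" if ok else f"FAIL on controls {cids}")
    raise SystemExit(0 if ok else 1)
```

Run as a script it exits non-zero when the gate fails, which is the behaviour you want from a CI step that consumes the posture fetched for a freshly built image. Lowering the threshold (for example to `SERIOUS`) widens the set of blocking controls without touching the parsing or summary logic.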