Container Security Interoperability Matrix

Last updated on: June 12, 2024

This article lists the Qualys Container Security Sensor versions and interoperability with the 3rd party solutions. With each new sensor release, we test and certify the latest sensor version with the 3rd party solutions. We will review this product interoperability matrix on a quarterly basis and update its compatibility accordingly.   

As a general guideline, we recommend you to use the latest sensor version. This will ensure that you always have the latest features that work with the 3rd party solutions. Container Security does not support any 3rd party solutions with EOL (End of Life) status.

Private Registries

If you do not see your container registry or registry version listed below, please contact Qualys Support

 Qualys no longer supports container registries that have reached their End of Life stage as specified by the respective vendors.

Container Registry (Private) Registry Version Minimum Supported CS Sensor Version
Harbor 2.9 1.23.0 or later
JFrog Artifactory  7.46.13  1.23.0 or later 
Docker Private Registry  Docker Registry V2 API*  1.23.0 or later 
RedHat Quay 3.9.1 1.23.0 or later
Mirantis Secure Registry (MSR)  2.9.14  1.23.0 or later 
OpenShift Container Registry (OCR)  4.12  1.23.0 or later 
OpenShift Container Registry (OCR)  4.13, 4.14  1.30.0 or later
Sonatype Nexus Repository 3.59.0 1.23.0 or later  
GitHub Container Registry (GHCR) Enterprise server version 3.12,  
API version 2022-11-28
1.32.0

*These items are tested and certified by using Docker Container Registry API V2.

Public Registries

If you do not see your container registry or registry version listed below, reach out to Qualys Support

Qualys no longer provides support for container registries that have reached their end of life as determined by the respective vendors.

Container Registry (Public)  Minimum Supported CS Sensor Version
AWS ECR  1.23.0 or later 
Azure Container Registry  1.23.0 or later 
DockerHub 1.23.0 or later 
Google Artifact Registry  1.23.0 or later 
Google Container Registry
(Deprecated on 15th May 2023) 
1.23.0 or later 

Upstream OSS Kubernetes Version

Container Security sensors have different modes, including General, Registry and CICD, which are tested with different Container Runtimes, including ContainerD, CRI-O and Docker. Without explicitly testing every sensor mode with every possible runtime engine, Container Security sensors are tested with the most used container runtime, typically ContainerD or CRI-O.

Any that has reached its end-of-life as defined by upstream Kubernetes will no longer be supported by Qualys.

Qualys no longer supports a Kubernetes version that has reached its end of life as defined by upstream Kubernetes.

Upstream OSS Kubernetes Version Container Runtime Tested  Minimum Supported CS Version
Kubernetes 1.27.x  containerd 1.23.0 or later
Kubernetes 1.28.x  containerd 1.23.0 or later 
Kubernetes 1.29.x  containerd 1.31.0 or later 

Kubernetes Cluster Environments

Kubernetes Minimum Supported CS Version 
Azure Kubernetes Service (AKS)  1.23.0 or later
Google Kubernetes Engine (GKE 1.24 to 1.26) 

1.23.0 or later 

Oracle Kubernetes Engine (OKE) 1.30.0
AWS (EKS 1.26 or later)  1.23.0 or later
Red Hat OpenShift 4.13 - 4.14 1.30.0 or later
Tanzu Kubernetes Grid 1.14.1 1.23.0 or later
Rancher Kubernetes Engine (RKE2) 1.28 1.31.0 or later

Docker Orchestrated Environments

Name OS Architecture  Docker Engine Version Minimum Supported CS Version
Docker Engine  Linux x86-64 24.0.x 
25.0.x
1.32.1 or later
Docker Engine  Linux ARM64 24.0.x
25.0.x 
1.32.1 or later

Note: The information provided here is believed to be accurate at the time of publication; however, note that updates and revisions may occur periodically and without prior notice.