Container Security Interoperability Matrix

Last updated on: September 25, 2025

This article lists the Qualys Container Security Sensor versions and interoperability with third-party solutions. With each new sensor release, we test and certify the latest sensor version with the third-party solutions. We will review this product interoperability matrix on a quarterly basis and update its compatibility accordingly.   

As a general guideline, we recommend you to use the latest sensor version. This will ensure that you always have the latest features that work with the third-party solutions. Qualys Container Security does not support any third-party solutions with EOL (End of Life) status.

The information provided in this article is believed to be accurate at the time of publication; however, updates and revisions may occur periodically and without prior notice.

Private Registries

If you do not see your container registry or registry version listed below, please contact Qualys Support

Qualys no longer supports container registries that have reached their End of Life stage as specified by the respective vendors.

Container Registry (Private) Registry Version Minimum Supported CS Sensor Version
Harbor 2.13.2 1.23.0 or later
JFrog Artifactory  7.46.13 1.23.0 or later 
Docker Private Registry  Docker Registry V2 API*  1.23.0 or later 
RedHat Quay 3.9.1 1.23.0 or later 
Mirantis Secure Registry (MSR)  2.9.14 1.23.0 or later 
OpenShift Container Registry (OCR)  4.12 1.23.0 or later 
4.13, 4.14 1.30.0 or later 
Sonatype Nexus Repository 3.59.0 1.23.0 or later   
GitHub Container Registry (GHCR) API version 2022-11-28 1.32.0 or later 

*These items are tested and certified by using Docker Container Registry API V2.

Public Registries

If you do not see your container registry or registry version listed below, reach out to Qualys Support

Qualys no longer provides support for container registries that have reached their end of life as determined by the respective vendors.

Container Registry (Public)  Minimum Supported CS Sensor Version
AWS ECR  1.23.0 or later  
Azure Container Registry  1.23.0 or later  
DockerHub 1.23.0 or later  
Google Artifact Registry  1.23.0 or later  
Oracle Cloud Infrastructure Registry (OCIR) 1.37.0 or later

Upstream OSS Kubernetes Version

Container Security sensors have different modes, including General, Registry and CICD, which are tested with different Container Runtimes, including ContainerD, CRI-O and Docker. Without explicitly testing every sensor mode with every possible runtime engine, Container Security sensors are tested with the most used container runtime, typically ContainerD or CRI-O.

Any that has reached its end-of-life as defined by upstream Kubernetes will no longer be supported by Qualys.

Qualys no longer supports a Kubernetes version that has reached its end of life as defined by upstream Kubernetes.

Upstream OSS Kubernetes Version Container Runtime Tested  Minimum Supported CS Version
Kubernetes 1.31.x  containerd 1.33.0 or later
Kubernetes 1.32.x  containerd 1.33.0 or later 
Kubernetes 1.33.x  containerd 1.33.0 or later 

Kubernetes Cluster Environments

Kubernetes Minimum Supported CS Version 
Azure Kubernetes Service (AKS 1.31 or later)  1.33.0 or later
Google Kubernetes Engine - Standard mode
(GKE 1.32 or later) 
1.33.0 or later
Google Kubernetes Engine - Autopilot mode
(GKE 1.33.4 or later)
1.37.0 to 1.39.0
Oracle Kubernetes Engine (OKE) 1.30.0 or later
AWS EKS (EKS 1.32 or later) 1.33.0 or later
RedHat OpenShift 4.17 1.37.0 or later
Tanzu Kubernetes Grid 2.5.3 1.40.0 or later
Rancher Kubernetes Engine (RKE2) 1.28 or later 1.31.0 or later

Docker Environments

Name OS Architecture  Docker Engine Version Minimum Supported CS Version
Docker Engine  Linux x86-64 27.5.x
28.4.x
1.32.1 or later
Docker Engine  Linux ARM64 27.5.x
28.4.x
1.32.1 or later

Podman Support for Qualys Sensor

Name OS Architecture  Podman Engine Version Minimum Supported CS Version
Podman Engine  Linux x86-64 5.6.1 and above 1.38.0 or later