Pre-requisites for CS Scans

Below are the pre-requisites for all scans provided by Container Security.

  • Qualys Account & Subscription
    You need an active Qualys subscription with the Container Security module enabled. This ensures access to all CS features, including image scanning, runtime monitoring, and policy enforcement. Additionally, to get vulnerabilities for the hosts that run the containers, you need to enable Vulnerability Management (VM), using either Qualys Scanner Appliance or Cloud Agent.

  • Supported Environment
    Your infrastructure should include supported container platforms such as Docker and Kubernetes (EKS, AKS, GKE, OpenShift). You also need access to container registries, such as Docker Hub, Amazon ECR, or Google GCR, for image scanning.

  • Sensor Deployment Requirements
    Prepare Linux hosts or Kubernetes clusters with root-level access for deploying Qualys sensors. Ensure the operating system and kernel versions meet Qualys compatibility requirements. 

  • Permissions
    Provide registry credentials with read access for image scanning. For Kubernetes environments, cluster admin permissions are required to configure the Admission Controller and enforce security policies.

  • Network & Connectivity
    Sensors must have outbound connectivity to the Qualys Enterprise TruRisk™ Platform over HTTPS (port 443). Make sure Qualys IP addresses and domains are allowlisted in your firewall settings.

  • CI/CD Integration (Optional)
    If you plan to shift security left, ensure access to CI/CD tools like Jenkins, GitHub Actions, or Azure DevOps. This allows integration of image scanning into your build pipelines.