Configuration Details

Provide the following configuration details:

  1. API login information (Select Use Proxy to provide proxy information). 

    Authentication Mechanism

    Configure OIDC Authentication

    Use this method if your Qualys environment is configured for OpenID Connect with Client ID and Client Secret.

    Perform the following steps:

    1. From the Authentication Type, select OAuth.
    2. Provide the following required fields:
      1. Qualys client id
        Enter the Client ID received from your Qualys OIDC configuration.
      2. Qualys client secret
        Enter the corresponding Client Secret.

    Configure Basic Authentication

    Use this method if your Qualys setup uses a standard username and password.

    Perform the following steps:

    1. From the Authentication Type, select Basic.
    2. Provide the following required fields:
      1. API User
        The Qualys username used for API access.
      2. API Password
        The password for the above username.
  2. Data Collection frequency.
  3. Build Failure conditions.
  4. Container image IDs/image names to check for vulnerabilities. Internally, the plugin uses the image sha256 corresponding to each image ID or image name.

     When multiple images are specified in the image ID input and the build timeout is reached for any of them during the scan, the plugin generates the scan result and renders the report for the images for which it received scan data.

  5. Forward Bamboo job results to a WebHook URL.

When you are ready, click Save Configuration.

Once you save the details, the plugin uses the API credentials you provided to verify that it can call the Qualys Container Security API.

An error is shown if the plugin's call to the Container Security API fails.

Next Step

Qualys API Server URL