Get Started with Qualys Container Scanning Connector for Bamboo

Welcome to Qualys Container Security! This solution helps you secure your container environments, including images, containers, and Docker hosts, using the Qualys Enterprise TruRisk™ Platform.

The Qualys Container Scanning Connector for Bamboo integrates container image vulnerability scanning directly into CI/CD pipelines, enabling teams to assess security posture before deployment. By automatically tagging and scanning images built through Bamboo, the plugin identifies vulnerabilities and can enforce build policies that prevent insecure images from reaching production. This approach shifts security left in the development process, allowing practitioners to catch and remediate risks early rather than discovering them downstream. For security teams, this means reducing exposure windows and automating compliance checks without disrupting developer workflows.

Qualys Container Security provides a Bamboo plugin that gives visibility into the security posture of container images built during the CI/CD process. It allows teams to control build outcomes based on detected vulnerabilities, ensuring that only secure images move forward in the pipeline.

Prerequisites

To integrate Qualys Container Security with Bamboo, the following prerequisites must be met:

  • A valid Qualys subscription with the Container Security application activated.

  • Access to the Qualys Container Security application API endpoint from your build host.

  • The CI/CD environment container sensor must be installed on the Bamboo build host. Refer to the Qualys Container Security Sensor Deployment Guide for instructions on installing the CI/CD container sensor. You must pass the following parameter while deploying the sensor for the CI/CD environment:
    cicd-deployed-sensor or -c.

  • If you are using Qualys Container Scanning Connector for Bamboo v1.8.0.0, then the Bamboo CI/CD tool version must be 11.0.7 or later.

  • An Internet connection is required for the agent to connect to the Qualys Enterprise TruRisk™ Platform. If the agent is running behind a proxy, install a sensor with the proxy option.

  • The Bamboo server and agents require an open connection to the Qualys Enterprise TruRisk™ Platform to retrieve data for vulnerability reporting.

  • The Bamboo plugin automatically tags images built by the CI/CD pipeline with the tag qualys_scan_target:<image-sha> to mark them for scanning, and only those images are scanned for vulnerabilities. Once scanning is complete, the Qualys Container Sensor removes the tag. However, if an image has no tag other than 'qualys_scan_target:<image-sha>', the sensor retains the tag to avoid the removal of the image from the host.

 The Qualys Container Scanning Connector for Bamboo is verified against the legacy type of Bamboo server installation.
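
The tagging rule in the last prerequisite can be audited on a build host. The script below is an added example, not Qualys code: it reads `ID REPOSITORY:TAG` lines and reports, for each image carrying a qualys_scan_target tag, whether it also has other tags or carries the scan tag as its only tag. The function names, the labels `pending` and `sole-tag`, and the sample image list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the Qualys plugin or sensor).
# Input: one "IMAGE_ID REPOSITORY:TAG" pair per line, for example from
#   docker images --format '{{.ID}} {{.Repository}}:{{.Tag}}'
# Output: "<id> pending"  -> scan tag present alongside other tags; per the
#                            page, the sensor removes it once scanning is over.
#         "<id> sole-tag" -> scan tag is the image's only tag; per the page,
#                            the sensor retains it so the image is not removed.
classify_scan_tags() {
    awk '
        {
            id = $1; ref = $2
            if (ref == "<none>:<none>") next          # dangling entry, not a real tag
            if (ref ~ /^qualys_scan_target:/) marked[id] = 1
            else others[id]++
        }
        END {
            for (id in marked)
                print id, (others[id] > 0 ? "pending" : "sole-tag")
        }
    ' | sort                                          # stable order for diffing runs
}

# Constructed sample data (hypothetical image IDs and registry name).
sample_images() {
    cat <<'EOF'
aaa111 registry.example.test/app:1.4.2
aaa111 qualys_scan_target:aaa111
bbb222 qualys_scan_target:bbb222
ccc333 registry.example.test/base:latest
ddd444 <none>:<none>
EOF
}

sample_images | classify_scan_tags
```

A `pending` entry that persists long after a build finished suggests the sensor has not completed scanning on that host, which is worth checking against the connectivity prerequisites above.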

Quick Steps to Integrate

Links to the Container Scanning Connector Related Documents