What data does Container Security collect?
The Qualys Container Security sensor fetches the following information about Images and Containers in your environment:
Inventory of Images and Containers in your environment, collected from commands such as docker ps, which lists all containers.
Metadata about Images and Containers, collected from commands such as docker inspect and docker info, which return low-level information about Docker objects.
Event information about Images and Containers, collected from the Docker host for Docker events such as created, started, killed, push, pull, etc.
Vulnerabilities found on Images and Containers. This is the output of the vulnerability management manifests that run to identify vulnerability information in Images and Containers: primarily the software package listing, running services, open ports, etc. Examples are package manager outputs such as rpm -qa and npm. This is supported across various Linux distributions (CentOS, Ubuntu, CoreOS, etc.) and across images such as Python, NodeJS, Ruby, and so on.
Compliance configurations for OCI-compliant images and running containers. Qualys supports a subset of controls from the CIS Docker benchmarks that are applicable to running containers and container images. Customers can assess configuration risks in their running containers and images and remediate them based on Qualys' findings. The compliance scans of containers and images are transparent to customers and function in the same real-time, cloud-native manner as the vulnerability scanning feature.
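To make the collected data concrete, here is an added example (not Qualys sensor code) that parses a constructed docker inspect document and constructed rpm -qa output into the inventory, metadata and package records described above, and runs two illustrative configuration checks modelled on CIS Docker recommendations (privileged mode, writable root filesystem); the sample values and the check wording are assumptions, not Qualys controls.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields used here; the real command returns a JSON array of such objects.
SAMPLE_INSPECT = json.dumps([{
    "Id": "0123456789abcdef",
    "Name": "/web",
    "Image": "sha256:feedface",
    "Config": {"Image": "registry.example/web:1.2"},
    "HostConfig": {"Privileged": True, "ReadonlyRootfs": False,
                   "PortBindings": {"8080/tcp": [{"HostPort": "80"}]}},
}])

# Constructed sample of `rpm -qa` output captured inside a container.
SAMPLE_RPM_QA = """openssl-libs-1.1.1k-7.el8_6.x86_64
python3-libs-3.6.8-47.el8.x86_64
glibc-2.28-189.5.el8_6.x86_64
"""

def parse_rpm_qa(text):
    """Split NAME-VERSION-RELEASE.ARCH lines into their parts.

    A package name may itself contain hyphens, so split from the right:
    arch follows the last '.', then release and version precede it.
    """
    packages = []
    for line in text.splitlines():
        if not line.strip():
            continue
        head, arch = line.rsplit(".", 1)
        name, version, release = head.rsplit("-", 2)
        packages.append({"name": name, "version": version,
                         "release": release, "arch": arch})
    return packages

def container_metadata(inspect_json):
    """Keep the inventory fields a sensor would record from docker inspect."""
    obj = json.loads(inspect_json)[0]
    hc = obj["HostConfig"]
    return {
        "id": obj["Id"][:12], "name": obj["Name"].lstrip("/"),
        "image": obj["Config"]["Image"], "image_id": obj["Image"],
        "privileged": hc.get("Privileged", False),
        "readonly_rootfs": hc.get("ReadonlyRootfs", False),
        "published_ports": sorted(hc.get("PortBindings") or {}),
    }

def config_findings(meta):
    """Illustrative checks in the spirit of CIS Docker recommendations (assumed)."""
    findings = []
    if meta["privileged"]:
        findings.append("container runs in privileged mode")
    if not meta["readonly_rootfs"]:
        findings.append("root filesystem is writable")
    return findings
```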