Qualys Container Security Overview
Qualys Container Security provides discovery, tracking, and continuous protection of container environments. It addresses vulnerability management and policy compliance for images and containers in your DevOps pipeline and deployments across cloud and on-premise environments.
Qualys Container Security offers the following sensors, depending on your environment.
Build Environment
You use this environment to build your container images. Qualys offers the CI/CD Sensor and QScanner to identify vulnerabilities in your build environment.
- CI/CD Sensor - Scans the CI/CD environment and provides a vulnerability report. Qualys Container Security offers the CI/CD Sensor as part of QCS Sensor.
- QScanner - A CLI sensor that can be integrated into any CI/CD workflow, such as GitHub Actions, Jenkins, and so on, for vulnerability scanning of images. Shift-left enforcement can be done via CI/CD policies (for example, don’t allow images to be built with Sev-5 vulnerabilities). It can also conduct Software Composition Analysis (SCA). To learn how QScanner works, refer to QScanner Online Help.
Registry Environment
Once developed, container images are typically pushed to a registry such as GHCR, OCR, and so on. Qualys Container Security offers the Registry Sensor as part of QCS Sensor.
- Registry Sensor - Performs vulnerability, zero-day malware, and secret scanning of images present in your registry. Scans from a registry can be propagated to running containers.
Production Environment
The following sensors support vulnerability scans on your production environment, which consists of clusters, hosts, pods, and containers.
- General Sensor - Scans the container images along with the containers. Qualys Container Security offers the General Sensor as part of QCS Sensor.
- Container Runtime Sensor - Tracks the file and process events happening in your containers, which are hosted on a cluster. Qualys supports runtime scans in the following environments.
- Admission Controller -
Hosts
- Standalone Docker Hosts
- AWS ECS on EC2
- ECS on Fargate
To learn more about Container Runtime Sensor, refer to CRS Online Help.