Qualys Container Security Overview

Qualys Container Security discovers, tracks, and continuously protects container environments. It addresses vulnerability management and policy compliance for images and containers in the DevOps pipeline and in deployments across cloud and on-premises environments.

Qualys Container Security offers the following sensors depending on your environment.

CI-CD Pipeline

CI/CD Sensor

QScanner - This sensor is a CLI that can be integrated into any CI/CD workflow, such as GitHub Actions or Jenkins, for vulnerability scanning of images. Shift-left enforcement can be done via CI/CD policies (for example, don’t allow images to be built with Sev-5 vulnerabilities). It can also perform Software Composition Analysis (SCA). To learn how QScanner works, refer to QScanner Online Help.

Registry

Registry Sensor - This sensor performs vulnerability, zero-day malware, and secret scanning of images present in your registry. Scans from a registry can be propagated to running containers. To know more about Container Runtime Sensor, refer to

Production Environment

General Sensor

Container Runtime Sensor - This sensor tracks the file and process events happening in your containers that are hosted on a cluster. Qualys supports runtime scans in the following environments:

  • Kubernetes Clusters:
    • EKS – including standard EKS, EKS on Fargate, EKS Automode
    • AKS
    • GKE & GKE Autopilot
    • Red Hat OpenShift
  • Standalone Docker Hosts
  • AWS ECS on EC2
  • ECS on Fargate

To learn more about Container Runtime Sensor, refer to CRS Online Help.