Container Security Release 1.40
September 22, 2025
Added Support for CS TruRisk™ Widget in Dashboard
Qualys Container Security now supports the TruRisk™ widget under Dashboard. This widget shows you TruRisk™ insights related to your Images and Containers.
To view the TruRisk™ widget under Container Security > Dashboard, it must first be created in the Unified Dashboard (UD). Once added in UD, the widget will automatically appear in the Container Security dashboard.
You can use the Widget Query to filter out assets. The default query used to calculate the TruRisk™ score is vulnerability.severity:5. You can customize the TruRisk™ Score by applying a different Widget query.
The TruRisk™ score shown in a widget under the Dashboard or Test and Preview screen indicates the average of TruRisk™ scores of the resultant assets.
You can click on the TruRisk™ Score or Total Assets or Total Contributing Vulns to see the assets involved in the calculation.
Scheduling Integration in Dashboard
With this feature, we have added support for report scheduling for a Container Security dashboard.
The following three report generation frequencies are supported:
- Run Now
- Single Occurrence
- Recurring - daily, weekly, monthly
You can receive the report through an email as either a URL or a PDF attachment (Portrait or Landscape).
All scheduling report entries are displayed under the Reporting Schedule listing page. Once the report is generated, you can download it by clicking the Download option present under the ACTIONS column.
The 'Quick Action' option allows you to perform the following actions on reports: edit, clone, activate, deactivate, and delete.
Currently, the Container Security does not support TruRisk™ and Hosts widgets in the scheduled report.
Column Selection Flexibility in 'Images' and 'Containers' Tabs
With this release, Qualys Container Security has introduced column customization support (also known as, 'Flex Column Selection') under the Images and Containers tabs present under the Assets page. You can now configure columns to be displayed on the listing pages of Assets > Images and Containers tabs by hiding (i.e. unchecking) the unwanted columns from the column settings. These changes are saved in your account till the time you edit them again.
The Flex Column Selection feature is supported only with the new Qualys Enterprise TruRisk™ Platform.
Centralized Policy Management Enhancements
Qualys container security has improved to the Centralized Policy Management evaluation mechanism to support input-specific (scan type) rule evaluation, improving both accuracy and efficiency. In this phase, a new TAGS column is also introduced for CI/CD policies.
Bifurcated Policy Evaluation
Previously, all Centralized Policy Management rules were evaluated using all available inputs, regardless of their relevance. This meant that to block images with secrets, you had to carry OS and SCA scans along with the Secret scan.
Now, the evaluation logic has been enhanced to bifurcate rule processing based on input type. Rules related to vulnerabilities are evaluated when the OS and SCA scans (pkg flag) are provided. Whereas the rules related to secrets are evaluated when the Secret scan is provided.
With this enhancement, secret rules no longer require the OS and SCA scans alongside the secret scan for evaluation.
New 'TAGS' Column in 'Image Assessment' Tab
Along with the above enhancement, the CPM has also introduced TAGS column in CI/CD Policies (Policies > Image Assessment). You can filter policies based on tags directly on the CI/CD Policy listing page.
To support this enhancement, a new QQL named 'policy.tags.name' is introduced. You can use this QQL to search CI/CD Policies based on a tag name.
'Image Architecture' and 'Repo Digest' Information on the Image Listing Page
With this release, we have improved the image listing experience by adding 'IMAGE ARCHITECTURE' and 'REPO DIGEST' columns to the image listing page (Assets > Images).
Now you can instantly view the target architecture (for example, amd64, arm64, and so on) on the image listing page to ensure compatibility across diverse environments. This also reduces errors by selecting the correct image variant for your infrastructure without needing to inspect image details.
These two columns are also supported under Flex Column Selection feature. Use the column settings to hide these two columns.
Added Support for CISA Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerabilities (KEV) Catalog, a critical resource for identifying and prioritizing vulnerabilities that are actively being exploited in the wild. The KEV Catalog is an authoritative list of CVEs (Common Vulnerabilities and Exposures) that have been confirmed to be exploited.
With this release, Qualys Container Security supports CISA KEV. It can now identify KEV present in your containers. To support this feature, the following QQLs are introduced in Assets > Containers. and the Vulnerabilities tab present in View Details page of a container. You can use these QQLs to search containers with CISA KEVs.
- drift.software.vulnerabilities.threatIntel.cisaKnownExploitedVulns
- drift.vulnerabilities.threatIntel.cisaKnownExploitedVulns
- software.vulnerabilities.threatIntel.cisaKnownExploitedVulns
- vulnerabilities.threatIntel.cisaKnownExploitedVulns
Added Support for 'Compliance' Report
Earlier, Qualys Container Security supported reports for image and container vulnerabilities, image secrets, and malware. With this release, Qualys Container Security supports Compliance Management (Posture Management) reports. The Compliance report consists of an evaluation report of the Kubernetes resources reported against the CIDs.
To support this feature, a new report template - Compliance is added under Reports > Create Report > Report Source.
Data Retention Service Improvements
With this release, all the Data Retention period fields are configurable now. Earlier, Container Security offered fixed periods for the data retention of assets with the help of drop-downs under Configurations. Now, these drop-down options are removed, and instead, integer data entries are added.
The retention periods of images and containers remain as stated below.
| Asset | Retention Period |
|---|---|
| Images | Min. period - 7 days Max. period - 360 days (default) |
| Containers | Min. period - 7 days Max. period - 90 days (default) |
Qualys Container Security now also supports Audit Logs for your data with the help of ADMIN module. You can access the audit logs in Activity Logs.
Threat Detection Rules for Containers
Qualys Container Runtime Sensor (CRS) introduces new runtime Threat Detection Rules. CRS now enables advanced threat detection by analyzing process behavior and binary characteristics. With the new runtime process Threat Detection Rules, Qualys Container Security now flags and correlates critical container-based threats such as:
- Container escapes
- Privilege escalation attempts
- Malicious process and IP communications
With this enhancement, Container Security can detect and stop advanced runtime attacks before they spread across your Kubernetes environment.
Known Issues
The following issues have been identified in this release.
| Category | Issue |
|---|---|
|
Dashboard and Dashboard Reports |
Known Issue: Although the TruRisk™ score widget is enabled only for Images and Containers, the Sensor and Hosts options present under Query Settings may also show the TruRisk™ score. In such a case, the score does not belong to the Sensor or Hosts, and it is copied from the Containers. Workaround: Currently, a workaround for this issue is not available. |
| Known Issue: Older dashboards that were created without a description - the description field is 'empty' or 'null' - may encounter failures during report creation and download. This issue affects both the generation of reports and the ability to view them in PDF format. Workaround: To resolve this issue, add a description to the affected dashboards. Once a valid description is provided, report generation and PDF download work as expected, and the report details are visible in the downloaded file. |
|
| Known Issue: In some cases, the data displayed on the dashboard does not match the actual count. This discrepancy may be caused by corrupted widgets. Workaround: To resolve the issue, recreate the affected widget using the same query. The newly created widget generates accurate counts and resolves the mismatch. |
|
| Known Issue: When generating reports, the selected orientation (Portrait or Landscape) is not always applied in the downloaded PDF. Even if Landscape is selected, the report may still be downloaded in Portrait format. Workaround: The system uses a reporting template table to store only one report format per dashboard. This format is reused across all scheduled reports for that dashboard. If a previous schedule used Portrait orientation, subsequent reports may continue using that format—even if Landscape is selected for newer schedules. To avoid this issue, allow a buffer period between two scheduled reports. This ensures that the reporting template table is properly updated with the new report format before the next scheduled runs. |
|
| Known Issue: When a description is added to a Bar or Pie chart widget, the description appears twice in the generated PDF reports. This issue has been observed across multiple modules using these widget types. Workaround: Currently, a workaround for this issue is not available. |
|
| Known Issue: The timestamp is not getting printed in the downloaded dashboard report. Workaround: Currently, a workaround for this issue is not available. |
|
| Known Issue: In certain cases, widget data is visible in the Qualys Enterprise TruRisk™ Platform (UI) but does not appear in the corresponding PDF report. This issue affects specific widgets, even though they use valid filter queries. Workaround: To resolve this, manually duplicate the affected widget using the same filter query. The duplicated widget displays data correctly in both the UI and the PDF report. |
|
| Known Issue: Certain widgets are not appearing in the generated dashboard reports, even though they are visible in the UI. This may be due to manual updates or inconsistencies in widget configuration. Workaround: Create a new dashboard and re-add the affected widgets. Reports generated from the new dashboard display the widgets correctly. |
|
| Known Issue: When attempting to schedule a report using an invalid or past date, the system does not display an appropriate error message. Workaround: Ensure that all one-time and recurring report schedules are created using future dates only. Avoid using past dates to prevent silent failures. |
|
| Known Issue: Widgets configured with a time-frame filter are not loading the expected data. Workaround: As a temporary solution, avoid using time-frame filters in widgets. |