The Qualys General, Registry, CI/CD Sensor is Qualys Inc.'s official container image, designed to deliver continuous scanning coverage (vulnerabilities, software composition analysis (SCA), and compliance) from build to runtime. It is one official image that can be used to scan running environments, registries, and CI/CD systems.
The sensor can be deployed as a Daemon Set in Kubernetes Environments (AWS EKS, AKS, GKE, OpenShift, etc.), AWS ECS Clusters, and Standalone Docker environments to perform continuous scanning of running containers and deployed images for vulnerabilities, SCA, and compliance.
When deployed in default mode, the sensor operates as a General Sensor and can be run using the following command:
sudo docker run -d --restart on-failure \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-e ACTIVATIONID=<your-activation-id> \
-e CUSTOMERID=<your-customer-id> \
... [additional options] \
qualys/qcs-sensor:latest
This sensor can also be used to scan container registries such as JFrog Artifactory, ECR, ACR, Harbor, and more. It requires the sensor to be deployed to some compute (pool of VMs, cluster, etc.) which is only running these sensors and not any other production workloads.
To enable registry scanning, run the sensor with the --registry-sensor flag:
sudo docker run -d --registry-sensor --restart on-failure \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-e ACTIVATIONID=<your-activation-id> \
-e CUSTOMERID=<your-customer-id> \
... [additional options] \
qualys/qcs-sensor:latest
While it is recommended to use QScanner – Qualys’ CLI Tool for scanning container images in any CI/CD pipeline, you can also deploy the sensor in Jenkins, Azure DevOps, and Bamboo CI/CD environments.
To enable registry scanning, run the sensor with the --cicd-deployed-sensor flag:
sudo docker run -d --cicd-deployed-sensor --restart on-failure \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-e ACTIVATIONID=<your-activation-id> \
-e CUSTOMERID=<your-customer-id> \
... [additional options] \
qualys/qcs-sensor:latest
The image supports the following architectures:
Please refer to ‘How to install Qualys Container Security Sensor (qcs sensor)’ section of Artifacthub link for details on installation instructions.
For additional information on Qualys Container Security Sensor, please refer to -
https://docs.qualys.com/en/cs-sensor/latest/overview/cs_overview.htm
The image is marked as a Verified Publisher image from Qualys Inc., indicating authenticity and security.
Content type
Image
Digest
sha256:96f4df46e…
Size
310.2 MB
Last updated
28 days ago
docker pull qualys/qcs-sensorPulls:
287,928
Jun 29 to Jul 5