qualys/qcs-sensor

Verified Publisher

By Qualys Inc.

Updated 28 days ago

Image
16

10M+

qualys/qcs-sensor repository overview

Qualys General, Registry, CI/CD Sensor

The Qualys General, Registry, CI/CD Sensor is Qualys Inc.'s official container image, designed to deliver continuous scanning coverage (vulnerabilities, software composition analysis (SCA), and compliance) from build to runtime. It is one official image that can be used to scan running environments, registries, and CI/CD systems.


Deploying in Kubernetes and Standalone Docker Environments (General Sensor)

The sensor can be deployed as a Daemon Set in Kubernetes Environments (AWS EKS, AKS, GKE, OpenShift, etc.), AWS ECS Clusters, and Standalone Docker environments to perform continuous scanning of running containers and deployed images for vulnerabilities, SCA, and compliance.

When deployed in default mode, the sensor operates as a General Sensor and can be run using the following command:

sudo docker run -d --restart on-failure \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -e ACTIVATIONID=<your-activation-id> \
  -e CUSTOMERID=<your-customer-id> \
  ... [additional options] \
  qualys/qcs-sensor:latest

Scanning A Container Registry (Registry Sensor)

This sensor can also be used to scan container registries such as JFrog Artifactory, ECR, ACR, Harbor, and more. It requires the sensor to be deployed to some compute (pool of VMs, cluster, etc.) which is only running these sensors and not any other production workloads.

To enable registry scanning, run the sensor with the --registry-sensor flag:

sudo docker run -d --registry-sensor --restart on-failure \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -e ACTIVATIONID=<your-activation-id> \
  -e CUSTOMERID=<your-customer-id> \
  ... [additional options] \
  qualys/qcs-sensor:latest

Scanning in CI/CD Pipelines (CI/CD Sensor)

While it is recommended to use QScanner – Qualys’ CLI Tool for scanning container images in any CI/CD pipeline, you can also deploy the sensor in Jenkins, Azure DevOps, and Bamboo CI/CD environments.

To enable registry scanning, run the sensor with the --cicd-deployed-sensor flag:

sudo docker run -d --cicd-deployed-sensor --restart on-failure \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -e ACTIVATIONID=<your-activation-id> \
  -e CUSTOMERID=<your-customer-id> \
  ... [additional options] \
  qualys/qcs-sensor:latest

Supported Architectures

The image supports the following architectures:

  • AMD64: linux/amd64
  • ARM64: linux/arm64

Installation Instructions

Please refer to ‘How to install Qualys Container Security Sensor (qcs sensor)’ section of Artifacthub link for details on installation instructions.


Documentation

For additional information on Qualys Container Security Sensor, please refer to -
https://docs.qualys.com/en/cs-sensor/latest/overview/cs_overview.htm


Verified Publisher

The image is marked as a Verified Publisher image from Qualys Inc., indicating authenticity and security.

Tag summary

Content type

Image

Digest

sha256:96f4df46e

Size

310.2 MB

Last updated

28 days ago

docker pull qualys/qcs-sensor

This week's pulls

Pulls:

287,928

Jun 29 to Jul 5