Qualys Kubernetes & Container Security: What’s New in the Release 1.39-1.42

Abhinav Mishra

In the world of Containers & Kubernetes, consistent and reliable reporting, given the ephemeral nature of container workloads, is a massive challenge at scale. At Qualys, we are committed to supporting our customers with new game-changing capabilities that enable noise-free risk prioritization, remediation, and resiliency against the latest threats.

Let’s take a look at the newest capabilities Qualys Kubernetes and Container Security offers.

Vulnerability Management and Asset Reporting

Qualys Locator Path

As containerized environments scale, you face growing difficulty in manually tracking individual containers, especially when hundreds or thousands of instances are listed independently. The lack of a hierarchical view makes organization and navigation increasingly complex.

Qualys Container Security now introduces Qualys Locator Path (QLP), a hierarchical, intuitive grouping framework that organizes Kubernetes containers based on their logical placement within the environment. Each container is assigned a unique QLP, allowing you to reliably track and differentiate containers—even when they originate from the same image.

QLP provides a flexible, structured, group‑by view of container/image and software assets, allowing you to:

  • Easily navigate large container inventories
  • View the logical hierarchy:
    Account → Cluster → Namespace → Pod → Container
  • Reduce manual effort in tracking and correlating container instances
  • Improve clarity in multi‑cluster and large‑scale Kubernetes environments

Vulnerability Page: Image Layer-Aware with De-Duplicated Visibility of Risk and Full Traceability

Modern container environments generate massive volumes of vulnerability findings across images, layers, and running containers, often leading to duplicated alerts, fragmented context, and slow triage. To address this, Qualys Container Security now introduces a new Layer-Aware Vulnerability Page in the left navigation, purpose-built to deliver a clean, de-duplicated view of risk with deep traceability.

With this new update, you can:

  • Get a de-duped view of unique vulnerabilities
    See vulnerabilities grouped by QID across Images, Software, and running Container QLPs, eliminating duplicate noise from shared layers and reused base images so teams can focus on real, unique risk.
  • Trace base layer vulnerabilities to the parent image
    Quickly trace each vulnerability back to the exact layer, root, or parent image to understand whether it was inherited from a base image or introduced in the application layer.
  • Track running containers and affected software by vulnerability
    Correlate vulnerabilities with images in use, running containers, and associated packages to understand real runtime exposure instead of static, scan-only context.
  • Prioritize with real-time threat context and hierarchical grouping
    Leverage KEV, ransomware signals, and QLP-based hierarchical grouping to identify blast radius, prioritize exploitable risk, and accelerate triage with reduced MTTR.
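The de-duplication and traceability described above, as an added illustration that is not Qualys code: per-image findings for the same QID are collapsed into one row, each row is traced to the root-most image that contributed the layer (base image vs. application layer), and the QLPs of running containers that use the affected images are attached. Image names, layer digests, QIDs and QLPs are all constructed.

```python
"""Added illustration (not Qualys code): collapse per-image vulnerability
findings into one row per QID, keeping layer/parent-image traceability and
the QLPs of running containers. All names and QIDs are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Image:
    name: str
    layers: tuple            # layer digests, base first (constructed)
    parent: Optional[str]    # base image this one was built FROM


@dataclass
class Finding:
    qid: int
    image: str
    layer: str
    package: str


# Constructed inventory: "app" is built FROM "base" and shares its two layers.
IMAGES = {
    "base": Image("base", ("L1", "L2"), None),
    "app": Image("app", ("L1", "L2", "L3"), "base"),
}
# Running containers keyed by a constructed QLP (account/cluster/namespace/pod/container).
CONTAINERS = {
    "acct1/prod/payments/api-0/api": "app",
    "acct1/prod/payments/api-1/api": "app",
    "acct1/prod/tools/base-0/shell": "base",
}
# Constructed scan output: the same QID appears once per image that carries the layer.
FINDINGS = [
    Finding(91001, "base", "L1", "openssl"),
    Finding(91001, "app", "L1", "openssl"),
    Finding(91002, "app", "L3", "log4j"),
]


def origin(image: str, layer: str) -> str:
    """Walk the FROM chain; return the root-most image that contributes this layer."""
    img = IMAGES[image]
    while img.parent and layer in IMAGES[img.parent].layers:
        img = IMAGES[img.parent]
    return img.name


def dedup_by_qid(findings):
    """One entry per QID: originating layer/image, affected images, running QLPs."""
    view = defaultdict(lambda: {"layer": None, "origin": None, "images": set(), "qlps": set()})
    for f in findings:
        row = view[f.qid]
        row["layer"], row["origin"] = f.layer, origin(f.image, f.layer)
        row["images"].add(f.image)
        row["qlps"].update(q for q, i in CONTAINERS.items() if i == f.image)
    return dict(view)
```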

TruRisk™ Widget For Clusters

Now you can aggregate and view your overall TruRisk™ score at the cluster level with the new widget, enabling you to prioritize and obtain a consolidated risk score.

Dashboard Scheduling and Reporting

With this capability, you can create dashboards aligned to different teams (based on tags) or to different metrics. From there, you can create on-demand scheduled reports that can be sent via email in PDF format.

End-of-Life/End-of-Support (EOL/EOS) Software Reporting

Qualys now reports EOL/EOS Software findings on images. Continuous updates across programming languages have made EOL and EOS software increasingly common, leaving known vulnerabilities unpatched and exposed to exploitation.

Leveraging the CSAM Software catalog, the dashboard can populate key EOL/EOS insights for image software.

Continuous Assessment and Registry Scanning Enhancements

Continuous Assessment: The Anti-Re-Scan Model

Traditional registry scanning can introduce challenges, such as time lags between vulnerability discovery and detection when performing point-in-time scans (e.g., weekly). Furthermore, weekly scans reset registry metadata and consume compute resources.

With Continuous Assessment, Qualys continuously assesses images against the latest vulnerability signatures without the need to do force/weekly re-scans. Continuously evaluating the SBOM helps achieve scale while maintaining safeguards against newly discovered exploitable vulnerabilities. You can customize the Continuous Assessment feature for specific images, including:

  • Images that are forced to be rescanned (Note: If you have already configured Force Re-scan, Qualys is now doing Continuous Assessment against those images)
  • Images with a special tag (qpa)
  • Images in-use in running containers
  • Any QQL (For example, you can do continuous assessment for images in a specific repo)

Continuous Assessment is opt-in. Users can go to the Configurations settings to turn on continuous assessment and configure how they want it to work.
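The anti-re-scan model described above, as an added illustration that is not Qualys code: each image's SBOM captured at first scan is re-matched against a newer signature feed, with no image pull and no new scan, and only for images matching the opt-in scopes listed above (force re-scan, the qpa tag, in-use images, or a repository filter standing in for a QQL). Image references, package versions, QIDs and the feed format are constructed.

```python
"""Added illustration (not Qualys code): re-evaluate stored SBOMs against a
newer signature feed instead of re-pulling and re-scanning images. All data,
names and QIDs are constructed."""
from dataclasses import dataclass


@dataclass
class ImageRecord:
    ref: str              # repo:tag
    sbom: dict            # package -> version, captured at first scan
    tags: set             # registry tags, e.g. {"qpa"}
    force_rescan: bool    # previously configured Force Re-scan
    in_use: bool          # referenced by a running container


# Constructed signature feeds: (package, vulnerable version) -> QID.
FEED_V1 = {("openssl", "3.0.1"): 91001}
FEED_V2 = {("openssl", "3.0.1"): 91001, ("zlib", "1.2.11"): 91003}

INVENTORY = [
    ImageRecord("reg/payments/api:1.4", {"openssl": "3.0.1", "zlib": "1.2.11"}, set(), False, True),
    ImageRecord("reg/tools/debug:7", {"zlib": "1.2.11"}, {"qpa"}, False, False),
    ImageRecord("reg/legacy/batch:2", {"zlib": "1.2.11"}, set(), False, False),
]


def in_scope(img, repo_filter=None):
    """Opt-in selection: force re-scan, 'qpa' tag, in-use, or a repo prefix (stand-in for a QQL)."""
    return (img.force_rescan or "qpa" in img.tags or img.in_use
            or (repo_filter is not None and img.ref.startswith(repo_filter)))


def assess(img, feed):
    """Match the stored SBOM against the feed; no image pull, no new scan."""
    return {feed[(p, v)] for p, v in img.sbom.items() if (p, v) in feed}


def continuous_assessment(inventory, old_feed, new_feed, repo_filter=None):
    """Return {image ref: QIDs newly detected by the updated feed} for in-scope images."""
    delta = {}
    for img in inventory:
        if not in_scope(img, repo_filter):
            continue
        new = assess(img, new_feed) - assess(img, old_feed)
        if new:
            delta[img.ref] = new
    return delta
```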

Improved Registry Scan Job Visibility

With this release, Qualys Container Security has improved Registry Scan Job visibility with the following enhancements:

  • Enhanced Scan Status Overview
    You can now see the total number of images associated with each Scan Job, along with a clear breakdown of scans in progress and completed scans.
  • Image to Sensor Traceability
    Each scanned image can now be traced back to the specific sensor (UUID) that performed the scan. This makes it easier to retrieve logs or results generated by that particular sensor for troubleshooting or audit purposes.

This enhancement provides greater transparency, faster issue resolution, and improved operational confidence in your registry scanning workflows.

eBPF-Powered Threat Detection and Response Enhancements

Qualys continues to invest extensively in eBPF-powered capabilities to protect against threats and malicious actors while bringing TruRisk™ to enable SecOps and Incident Response Teams to respond to the alerts that matter.

Enhancements include:

  • Malicious Process and IP Communication Threat Detection: Using Deep Learning, Qualys inspects eBPF network events and maps them to known-malicious IP addresses and DNS servers.
  • Dedicated Investigate Page for Viewing Threats: Users originally had to go to the TotalCloud™ module to see container threat detections. Now, they can just click the Investigate Tab on the left.
  • Integration with Attack Path: Runtime alerts are now integrated into attack paths and TruRisk™ scoring, enabling security teams to respond to attack paths with threat context.
  • Rate Limiting and Event De-Duplication: Optimized eBPF rate limiting to reduce sensor overhead and improve sensor efficiency.

Shift-Left Security and QScanner Enhancements

QScanner, which is used for shift-left and developer workflows, has undergone major enhancements, including:

  • Native Support for macOS: Developers can now scan images locally on their macOS laptops.
  • Native Integration with GitLab: QScanner can be integrated into GitLab CI/CD pipelines.
  • File Insight Scanning: The File Insight scan collects detailed metadata of files encountered during scans based on configured rules. The scan captures attributes such as file path, size, permissions, hashes, MIME type, origin layer (for images), and executable metadata (ELF/PE).
  • On-Demand Upgrading: You can upgrade QScanner directly from the CLI.

Compliance & Policy Enforcement Enhancements

  • New KSPM Compliance Report: Security teams can now create KSPM Compliance reports using the reporting wizard with proper evidence collection, inventory metadata, and remediation guidance.
  • Deployment Scoped Policies For Admission Controller: Security teams can now enforce different policies for deployments/pods within the same namespace, allowing for more fine-grained scoping.
  • New Image Assessment Rules: New assessment rules include blocking images that contain secrets or malware, and images that are too old, as determined by the vulnerability date and author.
  • KSPM – CIS Node Level Compliance For OpenShift and GKE
  • KSPM – CIS GKE Autopilot Benchmarking
  • Sealed Secrets Auditing In Red Hat OpenShift Environments

Other Enhancements

  • Flex Columns: Users can select which columns they want to view in the UI.
  • Sensor Enhancements:
    • IPv6 support
    • ARM64 support for eBPF Sensor and Qualys Admission Controller
    • Ability to pull Qualys images from multiple registries/repositories using imagePullSecrets
  • Data Retention Service Improvements:
    • Ability to customize specific days for data retention. By default, containers are stored for 7 days and can be configured to store for up to 30 days.
    • New Data Retention Service for registry schedules
  • Image Metadata: Image Architecture and Repo Digest are now available for display in images.

Contributor

Sachin Kesarkar
