Container Runtime Security

Qualys Container Security 1.6.2 introduces runtime visibility and defense for containers (Container Runtime Security - CRS). CRS provides a function level firewall for containers that allows customers to get granular visibility into container behavior and enforce container activity behavior. CRS allows customers to protect container images and running containers with a Qualys CRS layer. Customers can apply granular behavior policies that provide runtime activity visibility and enforce (Allow, Deny, Alert) runtime behaviors.

We support the following registries for instrumentation:

Public registries: Docker Hub

Private registries: v2-private registry: JFrog Artifactory (secure: auth + https). 

Container Runtime Security (CRS) is a separately licensed feature within the Qualys Container Security (CS) product. CRS is not activated by default for existing and new customers. If you are interested in this feature, please contact your Qualys Account Manager or Qualys Support.