checkQualys – Building Container Scanning Automation
Pre-Recorded Session
Live Q&A
Friday, June 4th, 2:30 – 3:00 pm
Description
This presentation discusses the Qualys Container Security scanner integration for GitLab. DevOps is quickly changing the way organizations build and deploy web applications, increasingly as Docker containers, and container build workflows demand rapid release cycles and continuous deployment. By integrating automated security testing into the development tool chain, developers can identify security issues in their containers early in the build process. We will discuss the scripts and source code that provide access to the Qualys container vulnerability scanning system through GitLab CI/CD jobs. Once added to a GitLab project, the integration lets developers trigger a Docker container image scan pipeline against the image of their choosing; any vulnerabilities found are posted as a GitLab issue in the project from which the pipeline was executed. The GitLab runner is a pre-configured VM that obtains access to what it needs via AWS IAM roles, so any developer with a project on the same GitLab instance can incorporate the Qualys scanner job by including a GitLab CI/CD template in their own .gitlab-ci.yml file, without having to set up access to the Qualys API themselves. The presentation covers the architecture, scripts and source code, sample reports, setup instruction documentation, and on-going improvements.
Covered: the architecture, scripts and source code, sample reports, the benefits of container scanning, setup instruction documentation, and on-going improvements.
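The last step of the workflow described above, turning a scan result into a GitLab issue and a pass/fail verdict for the CI job, is shown here as an added example; it is not the checkQualys project's own code. The finding fields (qid, title, severity 1-5, package, fixed_version) and the sample findings are constructed for illustration and are not the real Qualys Container Security report format; the issue payload matches the fields accepted by GitLab's `POST /projects/:id/issues` API (`title`, `description`, comma-separated `labels`), and `SCAN_IMAGE` is an assumed CI variable name.

```python
"""Convert container-scan findings into a GitLab issue payload and a CI verdict.

Added example; not the checkQualys project's code. The finding schema below is
an assumption for illustration, not the real Qualys report format.
"""
import json
import os
import sys

# Constructed sample findings for one image (assumed shape, not a real report).
SAMPLE_FINDINGS = [
    {"qid": "EXAMPLE-1", "title": "Example vulnerability A in libfoo",
     "severity": 5, "package": "libfoo 1.0.0", "fixed_version": "1.0.1"},
    {"qid": "EXAMPLE-2", "title": "Example vulnerability B in libbar",
     "severity": 4, "package": "libbar 2.3.0", "fixed_version": "2.4.0"},
    {"qid": "EXAMPLE-3", "title": "Example low-impact finding in libbaz",
     "severity": 2, "package": "libbaz 0.9", "fixed_version": None},
]

# Assumed five-level severity scale, highest first.
SEVERITY_NAMES = {5: "Urgent", 4: "Critical", 3: "Serious", 2: "Medium", 1: "Minimal"}


def filter_findings(findings, min_severity):
    """Keep findings at or above min_severity, most severe first."""
    kept = [f for f in findings if f["severity"] >= min_severity]
    return sorted(kept, key=lambda f: (-f["severity"], f["qid"]))


def issue_title(image):
    """One deterministic title per image so re-runs can be deduplicated."""
    return "Container scan: %s" % image


def is_duplicate(image, existing_titles):
    """True if an open issue for this image already exists (titles fetched by caller)."""
    return issue_title(image) in set(existing_titles)


def build_issue(image, findings, min_severity=3):
    """Build the JSON body for GitLab's POST /projects/:id/issues endpoint."""
    reported = filter_findings(findings, min_severity)
    rows = ["| QID | Severity | Title | Package | Fixed in |",
            "|---|---|---|---|---|"]
    for f in reported:
        rows.append("| %s | %s (%d) | %s | %s | %s |" % (
            f["qid"], SEVERITY_NAMES[f["severity"]], f["severity"],
            f["title"], f["package"], f["fixed_version"] or "no fix available"))
    description = "Scan of `%s` found %d finding(s) at severity %d or above.\n\n%s" % (
        image, len(reported), min_severity, "\n".join(rows))
    # GitLab accepts labels as a comma-separated string; one label per severity seen.
    labels = {"container-scan"} | {"severity::%d" % f["severity"] for f in reported}
    return {"title": issue_title(image),
            "description": description,
            "labels": ",".join(sorted(labels))}


def should_fail(findings, fail_severity=4):
    """Gate the pipeline: fail if any finding reaches fail_severity."""
    return any(f["severity"] >= fail_severity for f in findings)


def main():
    # SCAN_IMAGE is an assumed variable set by the including .gitlab-ci.yml.
    image = os.environ.get("SCAN_IMAGE", "registry.example.com/app:1.2.3")
    payload = build_issue(image, SAMPLE_FINDINGS)
    # A real job would POST this payload to the project's issues endpoint with a
    # project access token; here it is printed so the example runs offline.
    print(json.dumps(payload, indent=2))
    if should_fail(SAMPLE_FINDINGS):
        print("scan gate failed: findings at or above severity 4", file=sys.stderr)
        sys.exit(1)


if __name__ == "__main__":
    main()
```

The two thresholds are deliberately separate: `min_severity` controls what is reported in the issue, while `fail_severity` controls whether the job blocks the pipeline, so a team can surface medium findings without breaking builds over them. `is_duplicate` exists because a scan job runs on every pipeline; without checking existing issue titles, each run would open another copy of the same issue.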
Presenter Information