The new integration allows security and DevOps teams to set up automated security scans of container artifacts in Artifact Registry, now generally available. Qualys Container Security scanning will assess all images for software inventory, vulnerabilities and misconfigurations, and provide a unified view across multiple Google Cloud regions.
Customers can then leverage the Qualys security posture API of these container images for automation of security workflows like container deployments in Google Cloud Build or integrating with DevOps ticketing systems.
“Google Cloud’s Artifact Registry provides a convenient fully-managed service that allows customers to have a central repository for all their software artifacts,” said Philippe Courtot, CEO, Qualys.
“Now, with our new integration, customers can quickly adopt this artifact management offering from Google Cloud in their DevOps pipeline with seamless container security built-in from Qualys.”
“It’s important that DevOps and IT teams are able to deliver software quickly and securely, and we’re excited that Qualys is integrating its container security capabilities with Google Cloud’s Artifact Registry,” said Juan Sebastian Oviedo, Product Manager at Google Cloud.
Qualys Container Security
Built on the Qualys Cloud Platform, Qualys Container Security discovers, tracks and secures containers from build to runtime. Container Security continuously flags and responds to security and compliance issues in containers across your hybrid IT environment.
The addition of runtime protection extends these capabilities, delivering full, granular visibility into running containers and the ability to enforce policies that govern containers’ behavior.
As a result, you can immediately detect and act upon containers drifting from their parent images and potentially creating a security risk due to vulnerabilities or misconfigurations.