
DevOps solutions.

Test for vulnerabilities throughout your development cycle.

Avaya

Qualys has enabled us to integrate into build, test, operational and automation efforts, whether on premises or in the cloud.

Abie John, CISO at Avaya

Agile, rapid app development and deployment must be secure. Build security into every phase of the DevOps lifecycle with Qualys.

Your company has torn down the wall between development and IT operations. Building, testing, and launching applications is now iterative and collaborative. Qualys has security solutions for this new era.

  • Comprehensive bug, misconfiguration detection

    Catches coding and configuration errors throughout development, early and often, before launching apps in production

  • Remediation prioritization

    Pinpoints the most critical vulnerabilities present in code being written, so you can eliminate the biggest risks right away

  • Compliance assurance

    Verifies that as applications are developed, the code is compliant with your internal policies and external regulations

  • Intrusion vigilance

    Identifies indicators of compromise so your combined development, operations, QA and security team responds and secures systems immediately

  • Streamlined security and compliance audits

    Automates checks of security controls and configurations, and expedites demonstration of compliance

Build security into your pipeline

You have application delivery schedules to meet, so security testing and monitoring shouldn’t slow you down. With Qualys, you can integrate testing into your CI pipeline. Code is automatically tested and then re-tested following fixes, ensuring that you release hardened containers, images and web applications into production. Once your code is in production, Qualys can continuously monitor it for any changes, and notify you of detected issues that need to be fixed.

Easy integration into your DevOps toolchain

Leverage Qualys' out-of-the-box integrations with popular tools in the DevOps ecosystem, including Puppet, Jenkins, and Bamboo, as well as Qualys' plugins for tools including Splunk and ServiceNow. Visit our GitHub repository to explore the integration and plugin documentation and sample code.

Access all services through robust REST APIs

Build the integrations you need for your tools and processes using Qualys’ robust APIs.

API documentation

Easily track and communicate results

Track the metrics that matter to your organization with Qualys’ customizable dashboards. Leverage report templates aligned with best practice benchmarks and industry standards to track your progress and ease the demonstration of compliance to auditors. In addition, Qualys APIs allow you to integrate data from Qualys apps and services with your security and compliance internal processes and dashboards.

Comprehensive security and compliance platform

Your security tools should evolve as you evolve. If you are adopting a new technology, like containers, or adding security and compliance controls, the Qualys Cloud Platform grows with you, simplifying deployment, operations and reporting. It’s an end-to-end security and compliance solution for prevention and response.

Public cloud platforms integration

Cloud computing platform providers operate on a “shared security responsibility” model, meaning you still must protect your workloads in the cloud. Qualys works with all major public cloud providers to deliver comprehensive security and compliance solutions in your public cloud deployments.

Qualys for Microsoft Azure
Qualys for AWS
Qualys for Google Cloud

Container Security

Qualys Container Security (CS) provides security coverage from the build to the deployment stages. Monitor and protect container-native applications on AWS without disrupting your existing Continuous Integration and Deployment (CI/CD) pipelines. Assess the contents of container images for vulnerabilities, control which images are deployed, gain visibility into runtime application activity, and also automatically enforce normal application behavior.


Qualys CS detects vulnerabilities and compliance issues with Docker images in the build pipeline and in AWS ECR, identifies behavioral anomalies and protects container runtimes deployed on AWS ECS, EKS and Fargate.

Container Security

Assess vulnerabilities, misconfigurations in AWS Golden AMI Pipelines

Qualys and AWS partnered to document the AWS Golden Amazon Machine Image Pipeline reference architecture with Qualys scanners for vulnerability and configuration compliance assessment. Customers like Capital One, Ancestry, Experian and many others use this methodology to automate scanning of their Golden AMIs to ensure that they are hardened in line with their risk and compliance policies.

Capital One went from a two-week testing cycle to less than 24 hours. Ancestry was able to reduce the number of vulnerabilities in production by 80% by ensuring images were hardened.

Demonstrate security and compliance in DevOps

Your company has torn down the wall between development and IT operations. Building, testing, and launching software is now iterative and collaborative. Security must mirror this agility, while giving you the visibility you need to manage risk in the business.

Visibility

With its versatile set of data-collection sensors, Qualys gives you full, continuous visibility into your DevOps pipelines – from build to production. Data on your DevOps assets is continuously collected using agents, scanners, network sniffers, APIs, container sensors, and public cloud connectors. From your centralized "single-pane-of-glass" dashboard, you can search through the data, drill down into details, generate reports, fire up Qualys apps and take appropriate actions.

Flag vulnerabilities

Most breaches exploit known bugs. Removing these weak points from your code during development yields clean production software and thwarts hackers. Using its Cloud Agents, Qualys flags vulnerabilities and lets your DevOps team “shift left” and quickly patch or mitigate these flaws throughout the application development and deployment lifecycle. With Qualys, you can also address security-related configuration issues, a major source of recent breaches. Qualys automates configuration assessment of DevOps environments through out-of-the-box certified policies from the Center for Internet Security (CIS), and simplified workflows for scanning and reporting.

Vulnerability Management
Security Configuration Assessment

Prioritize remediation

DevOps is an agile, iterative, and collaborative process for generating pliable, flexible apps in response to market challenges and customer demands. Security can’t be a bottleneck. Qualys removes appsec obstacles, including the heaviest: pinpointing the most critical vulnerabilities among thousands so you prioritize your time and remediation efforts effectively and efficiently. By providing a clear view of the risks that need to be addressed, all parts of the business can collaborate to ensure that the most critical vulnerabilities affecting your assets are patched immediately.

Threat Protection

Comply with policies and regulations

DevOps seeks to produce modern software that’s secure and innovative, but you can’t overlook compliance. You must ensure your code is compliant with internal IT policies, industry mandates, and government regulations. Qualys automates assessment of compliance controls so you can more easily demonstrate a repeatable and trackable process to auditors and stakeholders.

Policy Compliance
PCI Compliance

Secure and shield web apps

Because they live outside the network perimeter, insecure web apps offer an attractive attack surface for breaking into your IT environment. Qualys helps you avoid poor development and testing practices by scanning web apps for vulnerabilities and misconfigurations. Qualys also shields your web servers with its firewall, and rids your websites of malware. With tight integration between assessment and protection, you will benefit from automated virtual patches that give you time to schedule long-term remediation, while pushing forward your applications’ development.

Web App Scanning
Web App Firewall

Validate file integrity

Once software is deployed, you must monitor files to enforce change controls, fulfill compliance requirements, and detect compromises. Leveraging Cloud Agents, Qualys’ file integrity validation solution monitors OSes in real time to detect changes, and is easy to install, configure and manage. With a real-time detection engine, it centrally logs and manages events, and correlates and tracks change incidents.

File Integrity Monitoring

Monitor systems

Ops must flag indicators of compromise pointing to malware attacks your antivirus products may miss. Using Cloud Agents, Qualys gathers IoC data from your assets and stores, processes, indexes and analyzes it. Qualys' IoC capabilities help you hunt threats, verify network alerts, detect suspicious activity, and flag malware.

Indication of Compromise

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.