
Qualys Container Security
Container Security- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Qualys Container Security connector integrates with the Qualys Container Security platform to synchronize container infrastructure data into the Brinqa platform. It uses the Qualys Container Security API v1.3 to retrieve hosts, images, containers, vulnerabilities, compliance violations, registries, and exceptions.
The connector synchronizes the following categories of data:
- Hosts — Container hosts from the Qualys Asset Management endpoint
- Images — Container images from the Container Security API
- Containers — Running/stopped containers with optional label enrichment
- Image Vulnerabilities — Vulnerability findings on container images, along with their definitions
- Container Vulnerabilities — Vulnerability findings on containers, along with their definitions
- Image Violations — Compliance violations on container images
- Container Violations — Compliance violations on containers
- Violation Definitions — Compliance control definitions
- Registries — Container registries
- Exceptions — Vulnerability exceptions
Data retrieved from Qualys Container Security
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Image | Yes | Container Image |
| Container | Yes | Container |
| Registry | Yes | — |
| Exception | Yes | — |
| Image Vulnerability | Yes | Vulnerability |
| Image Vulnerability Definition | Yes | Vulnerability Definition |
| Container Vulnerability | Yes | Vulnerability |
| Container Vulnerability Definition | Yes | Vulnerability Definition |
| Image Violation | Yes | Violation |
| Container Violation | Yes | Violation |
| Violation Definition | Yes | Violation Definition |
Model relationships
For detailed steps on how to view the data retrieved from Qualys Container Security in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Qualys Container Security from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API Server URL | Yes | https://gateway.<POD>.apps.qualys.com/ | Qualys platform API server url |
| Username | Yes | — | Qualys user login |
| Password | Yes | — | Qualys user password |
| Page size | No | 300 | Maximum number of hosts to request per API request |
| Parallel requests | No | — | Maximum number of parallel API requests |
| Maximum retries | No | — | The maximum number of retry attempts before giving up a request |
| Fetch container labels | No | false | Enable to fetch labels for each container |
Authentication
The connector authenticates using Username/Password credentials. A Bearer token is obtained via the /auth endpoint and used for all subsequent API requests.
Usage
All API requests include the token as a standard header:
Authorization: Bearer <jwt-token>
How to obtain Qualys Container Security credentials
Create a Qualys user
To ensure the user account that the Qualys CS connector uses to access the Qualys server has the appropriate permissions, follow these steps.
-
Log in to your organization's Qualys server.
-
Click the dropdown at the top of the page and under Utilities, select Administration.
-
Navigate to Users, and then click the User Management tab.
-
Click the Create User dropdown and select Create Reader User.

-
Fill out the general information for the new user.
-
Click User Role on the left menu.
From the User Role dropdown, select Reader.
- Select GUI and API to enable API access, and leave Business Unit Unassigned.
Note: GUI access allows the user to log in to the Qualys GUI (graphical user interface). After you create the new Qualys user, log in to the Qualys GUI using the new credentials. The system prompts the user to reset their password. The Qualys connector will not function until you complete the password reset.

-
Click Asset Groups on the left menu.
- From the Add asset groups dropdown, select Add All or only the asset groups the Qualys user needs access to.
-
Click Permissions on the left menu and select all of the available permissions.
-
Click Options to modify the notification options as needed.
-
Click Save.
The new Qualys user with appropriate permissions to retrieve data displays on the Qualys Users page.
If you do not wish to create a new Qualys user, you can leverage an existing user with the appropriate permissions.
Note: If you do not have permissions to create a new Qualys user, contact your Qualys administrator. For additional information, see Qualys documentation.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
accountId | CLOUD_ACCOUNT_ID |
| ASSET_CATEGORY_HOST | CATEGORIES |
| availability zone | EC2_AVAILABILITY_ZONE |
| first discovered | FIRST_SEEN |
getName | NAME |
getName | HOSTNAMES |
getName + host.getOS | DESCRIPTION |
host.getARSFACTORS.getARSFORMULA | ARS_FORMULA |
host.getASSETCRITICALITYSCORE | ASSET_CRITICALITY_SCORE |
host.getASSETID | ASSET_ID |
host.getASSETRISKSCORE | ASSET_RISK_SCORE |
host.getCLOUDPROVIDER | CLOUD_PROVIDER |
host.getCLOUDPROVIDERTAGS | CLOUD_PROVIDER_TAGS |
host.getCLOUDRESOURCEID | EC2_INSTANCE_ID |
host.getCLOUDRESOURCEID, instance id | INSTANCE_ID |
host.getCLOUDSERVICE | CLOUD_SERVICE |
host.getDNSDATA.getDOMAIN | DOMAIN |
host.getDNSDATA.getFQDN, local hostname | PRIVATE_DNS_NAMES |
host.getDNSDATA.getFQDN, public hostname | PUBLIC_DNS_NAMES |
host.getID | UID |
host.getIP | IP_ADDRESSES |
host.getIP, public ipv4 | PUBLIC_IP_ADDRESSES |
host.getLASTVMAUTHSCANNEDDATE | LAST_AUTH_SCANNED |
host.getLASTVULNSCANDATETIME | LAST_SCANNED |
host.getLASTVULNSCANDATETIME | LAST_SEEN |
host.getNETBIOS / host.getDNSDATA.getHOSTNAME | EC2_HOSTNAME |
host.getOS | OS |
host.getOWNER | OWNER |
host.getQGHOSTID | QG_HOST_ID |
host.getTAGS.getTAG | TAGS |
host.getTRACKINGMETHOD | TRACKING_METHOD |
hostname | GCP_HOSTNAME |
| image id | IMAGE |
| image id | EC2_AMI_ID |
| instance id | GCP_INSTANCE_ID |
| instance state | EC2_INSTANCE_STATE |
instance state (normalized, default: active) | STATUS |
| instance type | EC2_INSTANCE_TYPE |
ipv6 | AZURE_IPV6 |
location | AZURE_LOCATION |
mac | EC2_MAC_ADDRESS |
mac | AZURE_MAC_ADDRESS |
mac | GCP_MAC_ADDRESS |
| mac address | MAC_ADDRESSES |
| machine type | GCP_MACHINE_TYPE |
name | AZURE_NAME |
network | GCP_NETWORK |
| os type | AZURE_OS_TYPE |
| private ip | AZURE_PRIVATE_IPV4 |
| private ip | GCP_PRIVATE_IPV4 |
| private ipv4 | PRIVATE_IP_ADDRESSES |
| private ipv4 | EC2_PRIVATE_IPV4 |
| project id | GCP_PROJECT_ID |
| public ipv4 | EC2_PUBLIC_IPV4 |
| public ipv4 | AZURE_PUBLIC_IPV4 |
| public ipv4 | GCP_PUBLIC_IPV4 |
region | EC2_REGION |
| resource group name | AZURE_RESOURCE_GROUP_NAME |
| security group | EC2_SECURITY_GROUPS |
state | AZURE_STATE |
state | GCP_STATE |
subnet | AZURE_SUBNET |
| subscription id | AZURE_SUBSCRIPTION |
| vm id | AZURE_VM_ID |
zone | GCP_ZONE |
Image
| Source Field Name | SDM Attribute |
|---|---|
| ASSET_CATEGORY_CONTAINER_IMAGE | CATEGORIES |
created | SOURCE_CREATED_DATE |
isInstrumented | IS_INSTRUMENTED |
lastComplianceScanDate | LAST_COMPLIANCE_SCAN_DATE |
lastVmScanDate | LAST_SCANNED |
repo[].registry | REGISTRY |
repo[].repository | REPOSITORY |
repo[].tag | TAGS |
repoDigests[].digest | DIGEST |
sha | SHA |
updated | SOURCE_LAST_MODIFIED |
uuid | UID |
uuid | IMAGE |
Container
| Source Field Name | SDM Attribute |
|---|---|
| ASSET_CATEGORY_CONTAINER | CATEGORIES |
containerId | CONTAINER_ID |
created | SOURCE_CREATED_DATE |
exceptions[].uuid | EXCEPTION_UUID |
host.hostname | HOSTNAMES |
host.ipAddress | IP_ADDRESSES |
host.ipAddress (if private) | PRIVATE_IP_ADDRESSES |
host.ipAddress (if public) | PUBLIC_IP_ADDRESSES |
host.lastUpdated | HOST_LAST_UPDATED |
host.sensorUuid | SENSOR_UUID |
host.uuid | HOST |
imageUuid | IMAGE |
isInstrumented | IS_INSTRUMENTED |
isRoot | IS_ROOT |
label[].key + label[].value (detail API) | LABELS |
lastComplianceScanDate | LAST_COMPLIANCE_SCAN_DATE |
lastVmScanDate | LAST_SCANNED |
lastVmScanDate | LAST_VM_SCAN_DATE |
name | NAME |
sha | UID |
sha | SHA |
state | STATE |
stateChanged | STATE_CHANGED |
updated | SOURCE_LAST_MODIFIED |
uuid | UUID |
Note: The LABELS attribute requires fetchContainerLabels=true in the connector configuration. Labels are fetched from the container detail endpoint (GET /csapi/v1.3/containers/{sha}), which requires one additional API call per container. The label field is only available in the detail response, not the list response. For containers without labels (e.g., AWS Fargate), the label field may be null.
Registry
| Source Field Name | SDM Attribute |
|---|---|
acrConnectorId | ACR_CONNECTOR_ID |
awsAccountId | AWS_ACCOUNT_ID |
awsRegion | AWS_REGION |
created | SOURCE_CREATED_DATE |
dockerHubOrg | DOCKER_HUB_ORG |
gcpProjectId | GCP_PROJECT_ID |
lastScanned | LAST_SCANNED |
lastScheduleStatus | LAST_SCAN_STATUS |
providerType | PROVIDER_TYPE |
registryName | NAME |
registryType | TYPE |
registryUri | URL |
registryUuid | UID |
repoCount | REPO_COUNT |
totalImages | TOTAL_IMAGES |
totalScannedImages | TOTAL_SCANNED_IMAGES |
totalVulnerableImages | TOTAL_VULNERABLE_IMAGES |
updated | SOURCE_LAST_MODIFIED |
Exception
| Source Field Name | SDM Attribute |
|---|---|
created | SOURCE_CREATED_DATE |
createdBy | CREATED_BY |
dynamicFilter | DYNAMIC_FILTER |
endDate | END_DATE |
entityAssignmentType | ENTITY_ASSIGNMENT_TYPE |
explanation | EXPLANATION |
listId | LIST_ID |
name | NAME |
reason | REASON |
scope | SCOPE |
startDate | START_DATE |
updated | SOURCE_LAST_MODIFIED |
updatedBy | UPDATED_BY |
uuid | UID |
Image Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
cveids | CVE_IDS |
cveids | CVE_RECORDS |
firstFound | FIRST_FOUND |
imageSha | TARGETS |
lastFound | LAST_FOUND |
port | PORT |
| qid + imageSha + software | UID |
| QID- + qid | TYPE |
result | RESULTS |
scanType | SCAN_TYPE |
software[].name/version/... | SOFTWARES |
status | SOURCE_STATUS |
status (categorized) | STATUS_CATEGORY |
status (normalized) | STATUS |
threatIntel.activeAttacks | ACTIVE_ATTACKS |
threatIntel.denialOfService | DENIAL_OF_SERVICE |
threatIntel.easyExploit | EASY_EXPLOIT |
threatIntel.exploitKit | EXPLOIT_KIT |
threatIntel.exploitKitNames | EXPLOIT_KIT_NAMES |
threatIntel.highDataLoss | HIGH_DATA_LOSS |
threatIntel.highLateralMovement | HIGH_LATERAL_MOVEMENT |
threatIntel.malwareNames | MALWARE_NAMES |
threatIntel.noPatch | NO_PATCH |
threatIntel.publicExploit | PUBLIC_EXPLOIT |
threatIntel.publicExploitNames | PUBLIC_EXPLOIT_NAMES |
threatIntel.zeroDay | ZERO_DAY |
typeDetected | TYPE_DETECTED |
vulnerability | VULNERABILITY |
Image Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
category | CATEGORIES |
cveids | CVE_IDS |
cvss3Info.baseScore | CVSS_V3_BASE_SCORE |
cvss3Info.temporalScore | CVSS_V3_TEMPORAL_SCORE |
cvssInfo.accessVector | CVSS_V2_VECTOR |
cvssInfo.baseScore | CVSS_V2_BASE_SCORE |
cvssInfo.temporalScore | CVSS_V2_TEMPORAL_SCORE |
patchAvailable | PATCH_AVAILABLE |
product | AFFECTED |
published | PUBLISHED_DATE |
| QID- + qid | UID |
severity | SOURCE_SEVERITY |
severity | SEVERITY_SCORE |
severity (normalized) | SEVERITY |
threatIntel.malware | MALWARE |
title | TITLE |
vendor | VENDOR |
Container Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
containerSha | TARGETS |
cveids | CVE_IDS |
cveids | CVE_RECORDS |
firstFound | FIRST_FOUND |
lastFound | LAST_FOUND |
port | PORT |
| qid + containerSha + software | UID |
| QID- + qid | TYPE |
result | RESULTS |
scanType | SCAN_TYPE |
software[].name/version/... | SOFTWARES |
status | SOURCE_STATUS |
status (categorized) | STATUS_CATEGORY |
status (normalized) | STATUS |
threatIntel.activeAttacks | ACTIVE_ATTACKS |
threatIntel.denialOfService | DENIAL_OF_SERVICE |
threatIntel.easyExploit | EASY_EXPLOIT |
threatIntel.exploitKit | EXPLOIT_KIT |
threatIntel.exploitKitNames | EXPLOIT_KIT_NAMES |
threatIntel.highDataLoss | HIGH_DATA_LOSS |
threatIntel.highLateralMovement | HIGH_LATERAL_MOVEMENT |
threatIntel.malwareNames | MALWARE_NAMES |
threatIntel.noPatch | NO_PATCH |
threatIntel.publicExploit | PUBLIC_EXPLOIT |
threatIntel.publicExploitNames | PUBLIC_EXPLOIT_NAMES |
threatIntel.zeroDay | ZERO_DAY |
typeDetected | TYPE_DETECTED |
vulnerability | VULNERABILITY |
Container Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
category | CATEGORIES |
cveids | CVE_IDS |
cvss3Info.baseScore | CVSS_V3_BASE_SCORE |
cvss3Info.temporalScore | CVSS_V3_TEMPORAL_SCORE |
cvssInfo.accessVector | CVSS_V2_VECTOR |
cvssInfo.baseScore | CVSS_V2_BASE_SCORE |
cvssInfo.temporalScore | CVSS_V2_TEMPORAL_SCORE |
patchAvailable | PATCH_AVAILABLE |
product | AFFECTED |
published | PUBLISHED_DATE |
| QID- + qid | UID |
severity | SOURCE_SEVERITY |
severity | SEVERITY_SCORE |
severity (normalized) | SEVERITY |
threatIntel.malware | MALWARE |
title | TITLE |
vendor | VENDOR |
Image Violation
| Source Field Name | SDM Attribute |
|---|---|
CID- + controls[].controlId | TYPE |
controls[].criticality | CRITICALITY |
controls[].datapoints[].key:value | RESULTS |
controls[].lastEvaluated | LAST_ASSESSED |
controls[].policyUuid | POLICY_UUID |
controls[].posture | SOURCE_STATUS |
controls[].posture (categorized) | STATUS_CATEGORY |
controls[].posture (normalized) | STATUS |
controls[].statement | STATEMENT |
controls[].technologyId | TECHNOLOGY_ID |
created | SOURCE_CREATED_DATE |
customerUuid | CUSTOMER_UUID |
lastComplianceScanned | LAST_SCANNED |
sha | TARGETS |
updated | SOURCE_LAST_MODIFIED |
| uuid + controlId | UID |
Container Violation
| Source Field Name | SDM Attribute |
|---|
Violation Definition
| Source Field Name | SDM Attribute |
|---|---|
category | CATEGORIES |
| CID- + id | UID |
comments | DESCRIPTION |
criticality | CRITICALITY |
deprecated | DEPRECATED |
isDeprecated | IS_DEPRECATED |
statement | STATEMENT |
subCategory | SUB_CATEGORY |
technologies[].id | TECHNOLOGY_ID |
technologies[].name | TECHNOLOGY_NAME |
technologies[].rational | RATIONAL |
technologies[].remediation | SOLUTION |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST (Asset Management filter search) · Endpoint:
POST {baseUrl}/rest/2.0/search/am/asset - Default filters:
asset.isContainerHost EQUALS true(only container hosts);sincemaps to theassetLastUpdatedquery parameter
Image
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/images - Default filters:
filterquery parameter (e.g.created>now-{days}d); optionalimageId,repo.registry,repo.repositoryfilters
Container
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/containers - Default filters:
filterquery parameter (e.g.created>now-{days}d); optionalcontainerId,vulnerabilities.severity,statefilters
Registry
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/registry - Default filters: Optional
registryUrifilter via thefilterquery parameter
Exception
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/exception - Default filters:
filterquery parameter (e.g.created>now-{days}d); optionalscopefilter
Image Vulnerability
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/images - Default filters: Optional
severity,scanType,cveidsfilters via thefilterquery parameter
Image Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/images - Default filters: Optional
severity,scanType,cveidsfilters via thefilterquery parameter
Container Vulnerability
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/containers - Default filters: Optional
severity,scanType,cveidsfilters via thefilterquery parameter
Container Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/containers - Default filters: Optional
severity,scanType,cveidsfilters via thefilterquery parameter
Image Violation
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/images
Container Violation
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/containers
Violation Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST · Endpoint:
GET {baseUrl}/csapi/v1.3/controls
Changelog
The Qualys Container Security connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 5.3.41 | Bug Fixes - Fixed an issue where parallel container and image synchronization could exceed the configured parallelism level, opening more concurrent requests to the Qualys API than intended. Parallel execution now strictly respects the configured parallelism cap. | N/A |
| 5.3.40 | No changes in this release. | N/A |
| 5.3.39 | No changes in this release. | N/A |
| 5.3.38 | Bug Fixes - Corrected the data type of several Image Vulnerability Definition attributes so they match the values returned by the Qualys API: the CVSS v2 / v3 "Base score" and "Temporal score" attributes are now stored as numbers (were text), and "Zero day" is now stored as text (was Boolean). | • Image Vulnerability Definition: the CVSS base/temporal score and "Zero day" attributes changed data type. Re-sync the Qualys_CS connector to repopulate these records. |
| 5.3.37 | No changes in this release. | N/A |
| 5.3.36 | Improvements Coding Standards Modernization - Bumped http-connectors-parent from 2.1.7 to 2.1.12 and connectors-model from 1.5.10 to 1.6.19 to align with the current connector framework baseline. - Replaced all new AttributeInfoBuilder(...) usages with AttributeInfos.newAttribute(...) across all model classes. This ensures custom attributes are registered with the correct consolidation priority, so they participate properly in attribute consolidation and value precedence. - Removed local addAttribute helper methods in favor of AttributeUtils.addAttribute from connectors-model, which prevents null values from silently reaching the attribute builder and adds type validation. - Migrated storage initialization from the deprecated LocalFactory / LocalConfig to StorageManager from connectors-model. - Removed the connector-local InstantDeserializer / InstantUtils in favor of OptionalInstantDeserializer from connectors-model, which supports a broader set of input formats. - Applied Spotless code formatting to the full codebase. | N/A |
| 5.3.35 | New Features - Added support for fetching container labels from Qualys Container Security. When the Fetch container labels option is enabled, the connector retrieves label information (key-value metadata) for each container using the container detail API (GET /csapi/v1.3/containers/{sha}). Labels are stored as a multi-valued LABELS attribute on the Container model. - Added ContainerDetailResource — a lightweight DTO for the container detail API response, kept separate from ContainerResource because the detail API returns the vulnerabilities field as a JSON array while the list API returns it as a JSON object (reusing one DTO caused a deserialization mismatch). Improvements - Removed newSet() wrappers from addAllAttributeInfo() calls across model classes, returning Set<AttributeInfo> directly from common attribute methods. | N/A |
| 5.3.34 | No changes in this release. | N/A |
| 5.3.33 | No changes in this release. | N/A |
| 5.3.32 | No changes in this release. | N/A |
| 5.3.31 | No changes in this release. | N/A |
| 5.3.30 | No changes in this release. | N/A |
| 5.3.29 | No changes in this release. | N/A |
| 5.3.28 | No changes in this release. | N/A |
| 5.3.27 | No changes in this release. | N/A |
| 5.3.26 | No changes in this release. | N/A |
| 5.3.25 | No changes in this release. | N/A |
| 5.3.24 | No changes in this release. | N/A |
| 5.3.23 | No changes in this release. | N/A |
| 5.3.22 | No changes in this release. | N/A |
| 5.3.21 | No changes in this release. | N/A |
| 5.3.20 | Improvements Dependency Upgrades - Upgraded the http-connectors-parent framework baseline to align the connector with the current platform release. | N/A |
| 5.3.19 | Improvements Dependency Upgrades - Upgraded connectors-model and the Jackson JSON library to current baselines. | N/A |
| 5.3.18 | No changes in this release. | N/A |
| 5.3.17 | No changes in this release. | N/A |
| 5.3.16 | No changes in this release. | N/A |
| 5.3.15 | New Features - Expanded the Host model with additional asset detail attributes: operating-system lifecycle dates (GA, end-of-life, end-of-support) and lifecycle stage, network registration details (ASN, ISP, organization name), domain and subdomain, and WHOIS registration data (creation date, registrant organization, registrant email, registrar). Improvements Dependency Upgrades - Upgraded the http-connectors-parent framework and connectors-model baselines. | N/A |
| 5.3.14 | No changes in this release. | N/A |
| 5.3.13 | No changes in this release. | N/A |
| 5.3.12 | No changes in this release. | N/A |
| 5.3.11 | No changes in this release. | N/A |
| 5.3.10 | Improvements - Consolidated the Host model's network identity attributes onto multi-valued attributes (hostnames, public IP addresses, public/private DNS names), removing the older single-valued variants. This makes host matching and identity correlation more reliable for assets with multiple addresses or names. - Renamed the Image Vulnerability Definition and Container Vulnerability Definition "Patch available" attribute to "Patchable" to align with the standard finding-definition attribute set. Dependency Upgrades - Upgraded the http-connectors-parent framework, connectors-model, and storage library baselines. | • Host: the single-valued hostname, public IP address, and public/private DNS name attributes were removed in favor of multi-valued equivalents. Re-sync the Qualys_CS connector to repopulate Host records. • Image Vulnerability Definition / Container Vulnerability Definition: the "Patch available" attribute was renamed to "Patchable". Re-sync the Qualys_CS connector to repopulate these records. |
| 5.3.9 | No changes in this release. | N/A |
| 5.3.8 | No changes in this release. | N/A |
| 5.3.7 | No changes in this release. | N/A |
| 5.3.6 | Improvements - Renamed the Host model's data type from "Asset" to "Host" so container hosts map to the correct unified data model. | • Host: the model type changed from "Asset" to "Host". Purge and re-sync the Qualys_CS connector so existing host records are recreated under the new type. |
| 5.3.5 | No changes in this release. | N/A |
| 5.3.4 | No changes in this release. | N/A |
| 5.3.3 | Bug Fixes - Corrected the data type of the Container Vulnerability Definition CVSS v2 / v3 "Base score" and "Temporal score" attributes so they are stored as numbers (were text), and changed "Source severity" to a numeric value. | • Container Vulnerability Definition: the CVSS base/temporal score and "Source severity" attributes changed data type. Re-sync the Qualys_CS connector to repopulate these records. |
| 5.3.2 | Improvements Dependency Upgrades - Upgraded the connectors-model and storage library baselines. | N/A |
| 5.3.1 | No changes in this release. | N/A |
| 5.3.0 | Overview The Qualys Container Security connector integrates with Qualys Container Security to synchronize container hosts, images, registries, containers, their security violations, and vulnerability findings and definitions. Category: Container Security Models | N/A |