This document is intended to provide the rationale for NULL "Last Scanned" date and "Vulnerabilities" fields in the API, and for the absence of software/vulnerability information in the UI.
Why is there no "Last Scanned" date and no vulnerability data?
Container/Image found by Cloud Agent/Scanner Appliance but no CS Sensor present
The Cloud Agent and scanner have the ability to discover images and containers using the following Information Gathered QIDs:
- QID 123782 - Docker Images Detected
- QID 370440 - Docker Running Container Enumerated
In order for any image or container to be scanned for vulnerabilities, the Qualys Container Sensor must be deployed and configured.
Container length of time running
If a container (not an image) does not have vulnerability information, one possible reason is that it did not run long enough: the container must run long enough for the CS Sensor to complete the scan.
No shell access on container/image
The CS Sensor requires shell access in order to scan a container/image.
Scratch images are currently not supported as they do not have a package manager for the CS Sensor to query (yum, apt, Alpine).
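A preflight check for the two prerequisites above (a shell and a package manager), written as an added example that is not Qualys code. The function name, verdict strings and path lists are assumptions based on common Linux layouts (including `apk` as Alpine's package manager), not the CS Sensor's own detection logic, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: classify an image's file listing against the two
# prerequisites named above. Path lists are assumptions, not sensor logic.
#
# To feed it a real image (IMAGE is a placeholder; the command is never run,
# it only lets "docker create" succeed on images with no default command):
#   cid=$(docker create IMAGE /placeholder-cmd)
#   docker export "$cid" | tar -tf - | classify_listing
#   docker rm "$cid"

# Reads one path per line on stdin and prints a single verdict:
#   ok | no-shell | no-package-manager | no-shell-no-package-manager
classify_listing() {
    awk '
        { sub(/^\.?\//, "") }    # normalise "./bin/sh" and "/bin/sh"
        # Shell under /bin or /usr/bin (covers merged-/usr layouts)
        $0 ~ /^(usr\/)?bin\/(sh|bash|ash|dash)$/     { shell = 1 }
        # Package manager front ends for rpm/yum, dpkg/apt and apk
        $0 ~ /^(usr\/)?bin\/(rpm|yum|dpkg|apt-get)$/ { pkg = 1 }
        $0 ~ /^sbin\/apk$/                           { pkg = 1 }
        END {
            if (shell && pkg) print "ok"
            else if (pkg)     print "no-shell"
            else if (shell)   print "no-package-manager"
            else              print "no-shell-no-package-manager"
        }
    '
}

# Constructed sample listings (not taken from real images).
sample_alpine()     { printf '%s\n' ./bin/ ./bin/sh ./sbin/apk ./lib/apk/db/installed; }
sample_merged_usr() { printf '%s\n' bin usr/bin/bash usr/bin/rpm var/lib/rpm/; }
sample_no_shell()   { printf '%s\n' usr/bin/dpkg var/lib/dpkg/status app/server; }
sample_scratch()    { printf '%s\n' app; }   # single static binary, nothing else

# Print a verdict for each constructed sample.
for s in sample_alpine sample_merged_usr sample_no_shell sample_scratch; do
    printf '%-18s %s\n' "$s" "$($s | classify_listing)"
done
```

Any verdict other than `ok` marks an image that is likely to appear with a NULL "Last Scanned" date for the reasons given in this section.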
Unsupported Container OS
Windows Containers are currently not supported; this is a roadmap item for 2020.
If running a distribution of Linux that is not currently supported, we may not show vulnerability/software information.
Docker in Docker (DinD)
The CS Sensor on the server container host will detect the DinD container, but the CS Sensor is not able to detect the containers running inside of the DinD container.
The CS Sensor will only detect/scan containers and images that are on the same Docker engine as itself.
How to filter out images and containers with NULL "Last Scanned" date?
You can use the following query: "not lastScanned is null"
For more information on the CS Container Sensor: