Qualys Extends EOL/EOS Software Detection to Containers and Kubernetes, Highlighting Cloud‑Native Asset Risk
What Happened – Qualys announced that its Cyber Security Asset Management (CSAM) platform now scans container images, registries, and Kubernetes workloads for end‑of‑life (EOL) and end‑of‑support (EOS) software. The capability adds deployment‑aware visibility so organizations can see where unsupported components are running in modern, cloud‑native environments.
Why It Matters for TPRM –
- Unsupported runtimes and base images can spread across clusters, creating systemic risk that is invisible to traditional host‑based inventories.
- Lack of patch support increases exposure to zero‑day exploits and compliance failures, especially in regulated sectors.
- Early detection enables third‑party risk managers to prioritize remediation based on business impact rather than raw CVE counts.
Who Is Affected – Enterprises that use containers/Kubernetes, SaaS providers, MSPs, and any organization relying on third‑party container images (e.g., finance, healthcare, technology).
Recommended Actions –
- Verify that your container registry and CI/CD pipelines are integrated with Qualys CSAM or an equivalent EOL/EOS detection tool.
- Conduct an inventory of base images and runtimes; flag any that have reached EOL/EOS.
- Prioritize remediation for workloads that expose critical data or high‑value services.
Technical Notes – The new module leverages Qualys’ existing software inventory engine, extending it to parse container layers and Kubernetes manifests. It identifies unsupported components through vendor‑published lifecycle data, not just CVE databases. No new CVEs are disclosed; the risk stems from the absence of vendor patches after EOL/EOS dates. Source: Qualys Blog – Extending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads