Version updated for https://github.com/nelssec/qualys-iac to version v1.0.0. This action is used across all versions by ? repositories. Action Type This is a Docker action. Go to the GitHub Marketplace to find the latest changes. Action Summary The Qualys IaC Security GitHub Action (Enhanced) automates the scanning of Infrastructure-as-Code (IaC) files for security vulnerabilities using Qualys TotalCloud policies. This enhanced version allows users to specify custom policies via the policy_name parameter, addressing the limitation of the official Qualys IaC action which only supports default policies.

Version updated for https://github.com/nelssec/qualys-code-scan to version v1. This action is used across all versions by ? repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The Qualys Code Scan GitHub Action automates the process of scanning code repositories for vulnerabilities, detecting secrets, and generating software bills of materials (SBOMs). It integrates with the GitHub Security tab, creates issues for identified vulnerabilities, and supports flexible pass/fail criteria using thresholds or Qualys cloud policies.

Version updated for https://github.com/nelssec/qualys-container-scan to version v1. This action is used across all versions by ? repositories. Go to the GitHub Marketplace to find the latest changes. Action Summary The Qualys Container Scan GitHub Action automates the scanning of Docker/OCI container images for security vulnerabilities and secrets within container layers using Qualys Container Security. It integrates with GitHub’s Security tab for SARIF report uploads, enables automatic creation of GitHub issues for detected vulnerabilities, and supports configurable pass/fail criteria based on thresholds or Qualys cloud policies.