QScanner is a command-line utility specifically developed for scanning container images and conducting Software Composition Analysis (SCA). QScanner is designed to be compatible with various container orchestration systems, container runtimes, and operating systems.
Here are some key features of QScanner:
- Instant Console Results: Scan for vulnerabilities and receive real-time results directly on the console.
- Seamless Integration: Seamlessly integrate QScanner with your CICD pipelines and leverage the benefits of security policy-based evaluations.
- Broad Runtime Support: QScanner is compatible with multiple container runtimes enabling flexibility in deployment options. Currently, docker and containerd are supported.
- Software Composition Analysis: In addition to vulnerability scanning, QScanner supports the scanning of software packages. It covers a wide range of programming languages, including Ruby, Rust, PHP, Java, Go, Python, .NET, and Node.js, enabling comprehensive Software Composition Analysis (SCA) across diverse codebases.
After downloading, you receive a shell script file. By executing this script, your system's configuration including the OS architecture is assessed, and the suitable binary is downloaded accordingly.
Once the binary is successfully downloaded, you can either run it directly or incorporate it into your integration systems as needed.
Qualys QScanner Documentation