Storage Requirements for Sensor Scans
If you want to enable all types of scans, Qualys recommends the following server requirements.
• CPU Cores: 6
• RAM: 5GB
See the sections below to understand storage requirements for different scan types.
Dynamic Scan
Applicable to Registry Sensor only.
The Registry sensor pulls the Docker image on the host for scanning. Storage required on the partition where Docker is installed is based on the size of the image. The dynamic scan is performed on the cached image.
For an average image size of 4GB, the maximum storage requirement would be 16GB:
4GB image * 4 scan threads = 16GB
Static Scan
Applicable to General (Host) Sensor, Registry Sensor and Build (CI/CD) Sensor.
If the image does not have a shell, scanning it requires additional space on persistent storage. The static scan is performed on the container image. The storage requirement is approximately 3 times the size of the image.
For an average image size of 4GB where 4 scan threads are performing the image scan on images with no shell, the maximum storage requirement would be 48GB:
(4GB image * 3) * 4 scan threads = 48GB
SCA Scan
Applicable to General (Host) Sensor, Registry Sensor and Build (CI/CD) Sensor.
When the CS Sensor is running with --perform-sca-scan, it requires additional storage on the host to accommodate the image tar, which is usually the size of the image, plus 100MB of additional disk space used to store SCA scan metadata. The storage required is the image size plus 100MB, multiplied by the number of threads performing the Docker image scan.
For an average image size of 4GB where 4 scan threads are performing the image scan, the maximum storage requirement is approximately 16.4GB:
(4GB image + 100MB) * 4 scan threads = 16.4GB
Static Log4j Detection
If static detection is triggered for images that have a shell, additional space is required: 3 times the size of the image.
For an average image size of 4GB, the additional storage requirement would be 12GB:
4GB image * 3 = 12GB
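
The formulas from the sections above, combined into a storage check to run before enabling a scan type. This is an added example, not Qualys code: the function names and the 1GB = 1000MB convention (chosen to match the 16.4GB figure) are assumptions. Pass the partition that the relevant section names, such as the partition where Docker is installed for a dynamic scan.

```shell
#!/bin/sh
# Added example: storage check built from the formulas on this page.
# All sizes are in MB; 1GB is taken as 1000MB (assumption).

# required_mb SCAN_TYPE IMAGE_MB THREADS -> maximum storage needed, in MB
required_mb() {
    case "$1" in
        dynamic)      echo $(( $2 * $3 )) ;;          # image * threads
        static)       echo $(( $2 * 3 * $3 )) ;;      # (image * 3) * threads
        sca)          echo $(( ($2 + 100) * $3 )) ;;  # (image + 100MB) * threads
        static-log4j) echo $(( $2 * 3 )) ;;           # image * 3
        *) echo "unknown scan type: $1" >&2; return 2 ;;
    esac
}

# available_mb PATH -> free space, in MB, on the filesystem holding PATH
available_mb() {
    # df -Pk reports 1024-byte blocks on a single line per filesystem
    df -Pk "$1" | awk 'NR == 2 { printf "%d\n", $4 * 1024 / 1000000 }'
}

# check_storage SCAN_TYPE IMAGE_MB THREADS FREE_MB -> 0 if FREE_MB is enough
check_storage() {
    need=$(required_mb "$1" "$2" "$3") || return 2
    if [ "$4" -ge "$need" ]; then
        echo "OK   $1: need ${need}MB, have ${4}MB"
    else
        echo "FAIL $1: need ${need}MB, have ${4}MB"
        return 1
    fi
}

# Usage: sh storage_check.sh SCAN_TYPE IMAGE_MB THREADS PATH
if [ $# -eq 4 ]; then
    free=$(available_mb "$4")
    check_storage "$1" "$2" "$3" "$free"
    exit $?
fi
```
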