Quick Start

You can run QScanner either from its binary or from the QScanner image available on Docker Hub. This topic explains how to run a QScanner scan with each method and shows the output it generates.

Using QScanner Binary

To run a vulnerability scan using QScanner Binary, follow the steps mentioned below.

  1. Download the latest QScanner Shell script from www.qualys.com/downloads/qscanner
  2. Log in to Qualys Enterprise TruRisk™ Platform and get the access token from CONFIGURATIONS > Access Token.
  3. To communicate with the Enterprise TruRisk™ Platform using QScanner, run
    $ export QUALYS_ACCESS_TOKEN=<your-access-token>
  4. Run the following command to collect vulnerabilities.
    $ ./qscanner --pod <POD name> image <Image name>


- A list of supported pods can be found in Appendix: POD Identifiers.
- You might need to provide the --skip-verify-tls=true flag if you are running in a proxy environment.
- For faster data collection, you can use:
   - Caching
   - Storage Drivers
- Once data is collected, QScanner communicates (polls) with Qualys backend to fetch the vulnerability report. By default, this polling happens every 60 seconds, but it is configurable using the --poll-wait-interval flag.

Sample Output

$ ./qscanner --pod US3 image centos
   ____    _____
  / __ \  / ___/  _____  ____ _   ____    ____   ___    _____
 / / / /  \__ \  / ___/ / __ `/  / __ \  / __ \ / _ \  / ___/
/ /_/ /  ___/ / / /__  / /_/ /  / / / / / / / //  __/ / /
\___\_\ /____/  \___/  \__,_/  /_/ /_/ /_/ /_/ \___/ /_/

By Qualys | version: 4.2.0-1

2024-08-26T11:57:54.034+0530    INFO    New instance of qscanner-4.2.0-1 started with invocation ID fc90dc02-6d29-4642-96d0-5090fa5fb467
2024-08-26T11:57:54.034+0530    INFO    Fetching image details
2024-08-26T11:57:57.278+0530    INFO    Image source: remote
2024-08-26T11:57:58.830+0530    INFO    Starting Metadata scan
2024-08-26T11:57:58.830+0530    INFO    Metadata scan completed in 304.397µs
2024-08-26T11:57:58.830+0530    INFO    Starting [os sca] scan
2024-08-26T11:58:02.784+0530    INFO    [os sca] scan completed in 3.953913365s
2024-08-26T11:58:02.785+0530    INFO    OS detected: CentOS Linux 8.4.2105
2024-08-26T11:58:02.785+0530    INFO    OS package(s) detected: 180
2024-08-26T11:58:02.785+0530    INFO    Technologies detected: 0
2024-08-26T11:58:02.785+0530    INFO    Language package(s) detected: 0
2024-08-26T11:58:02.785+0530    INFO    All scans completed in 3.954812719s
2024-08-26T11:58:02.787+0530    INFO    Scan Result JSON created at /root/qualys/qscanner/data/5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6-ScanResult.json
2024-08-26T11:58:02.787+0530    INFO    Creating changelist
2024-08-26T11:58:02.892+0530    INFO    Compressed Changelist DB created at /root/qualys/qscanner/data/5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6-ChangeList.db.xz
2024-08-26T11:58:02.892+0530    INFO    Uploading changelist /root/qualys/qscanner/data/5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6-ChangeList.db.xz
2024-08-26T11:58:04.338+0530    INFO    Changelist uploaded successfully
2024-08-26T11:58:04.339+0530    INFO    Skip fetching of policy evaluation result
2024-08-26T11:58:04.339+0530    INFO    Fetching vulnerability report
2024-08-26T11:59:05.582+0530    INFO    Vulnerability report received
2024-08-26T11:59:05.582+0530    INFO    1 vulnerability found!
2024-08-26T11:59:05.582+0530    INFO      Severity 5: 1
2024-08-26T11:59:05.582+0530    INFO      Severity 4: 0
2024-08-26T11:59:05.582+0530    INFO      Severity 3: 0
2024-08-26T11:59:05.582+0530    INFO      Severity 2: 0
2024-08-26T11:59:05.582+0530    INFO      Severity 1: 0
Vulnerabilities:

2024-08-26T11:59:05.585+0530    INFO    For more details refer /root/qualys/qscanner/data/5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6-Report.sarif.json
2024-08-26T11:59:05.585+0530    INFO    Skipping policy evaluation
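
The severity summary in the sample output can drive a pipeline gate. The following is an added example, not part of the Qualys documentation: it assumes the "Severity N: count" log lines keep the format shown above, and the function names count_at_or_above, gate and sample_log are hypothetical.

```shell
#!/bin/sh
# Added example: gate on the severity summary that QScanner logs.
# Assumption: summary lines look like "... INFO      Severity 5: 1".

# count_at_or_above MIN < log
# Prints how many findings have severity >= MIN; exits 2 if the log has no
# severity summary at all (for example, the report was never received).
count_at_or_above() {
  awk -v min="$1" '
    match($0, /Severity [1-5]: [0-9]+/) {
      split(substr($0, RSTART, RLENGTH), f, /[ :]+/)  # f[2]=level f[3]=count
      if (f[2] + 0 >= min + 0) total += f[3]
      seen = 1
    }
    END { if (!seen) exit 2; print total + 0 }
  '
}

# gate MIN < log: status 0 = nothing at or above MIN, 1 = blocked, 2 = no summary.
gate() {
  n=$(count_at_or_above "$1") || return 2
  [ "$n" -eq 0 ]
}

# Summary lines copied from the sample output on this page.
sample_log() {
  cat <<'EOF'
2024-08-26T11:59:05.582+0530    INFO    Vulnerability report received
2024-08-26T11:59:05.582+0530    INFO    1 vulnerability found!
2024-08-26T11:59:05.582+0530    INFO      Severity 5: 1
2024-08-26T11:59:05.582+0530    INFO      Severity 4: 0
2024-08-26T11:59:05.582+0530    INFO      Severity 3: 0
2024-08-26T11:59:05.582+0530    INFO      Severity 2: 0
2024-08-26T11:59:05.582+0530    INFO      Severity 1: 0
EOF
}

# Demo: the sample scan has one severity 5 finding, so a gate at 4 blocks it.
if sample_log | gate 4; then
  echo "pass"
else
  echo "fail (status $?)"
fi
```

Treating a missing summary as its own status keeps a scan that never received its report from being read as a clean result.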

 

Using QScanner DockerHub Image

You can also use the QScanner image that is available on Docker Hub.

By default, the image is spawned with the root user, which does not need any extra permissions on the mount paths from the host (persistent cache, output_dir, docker socket, storage driver dir).

The default sample command with the root user is given below.

$ docker run --env QUALYS_ACCESS_TOKEN=$QUALYS_ACCESS_TOKEN \
             --volume {local-cache-dir}:{cache-dir} \
             --volume /var/run/docker.sock:/var/run/docker.sock \
             qualys/qscanner:latest image sentry \
             --pod US3 \
             --proxy {proxy-url} \
             --cache local

To spawn the image with a non-root user, specify the user when you start the container.

The default sample command with a non-root user is given below.

$ groupadd -r -g 555 $GROUP
$ useradd -r -u 555 -g $GROUP $USER
$ chown -R $USER:$GROUP $HOST_PATH
$ docker run -u 555 --env QUALYS_ACCESS_TOKEN=$QUALYS_ACCESS_TOKEN \
  --env HOME=$HOME --volume $HOST_PATH:{cache-dir} \
  --volume $HOST_PATH:{output-dir} \
  art-hq.intranet.qualys.com:5001/qualys/qscanner:latest image centos:7.8.2003 \
  --pod US1 -l debug --cache local

If you run as a non-root user, all mounted host paths must carry that non-root user's permissions; otherwise the scan fails with a permission denied error.
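
A preflight check for the ownership requirement above, run before the non-root docker run. This is an added example, not part of the Qualys documentation; the function name check_mounts is hypothetical, and the demo uses a constructed temporary directory instead of a real cache or output path.

```shell
#!/bin/sh
# Added example: confirm host paths are owned by the container UID before
# starting the non-root scan, so the run does not end in "permission denied".

# check_mounts UID PATH...
# Returns 0 when every PATH is a directory whose whole tree is owned by UID,
# 1 when some entry has another owner, 2 when a PATH is not a directory.
check_mounts() {
  uid=$1; shift
  status=0
  for path in "$@"; do
    if [ ! -d "$path" ]; then
      echo "not a directory: $path" >&2
      return 2
    fi
    # find -user accepts a numeric ID when no account has that name (POSIX).
    offenders=$(find "$path" ! -user "$uid" | head -n 3)
    if [ -n "$offenders" ]; then
      echo "not owned by uid $uid under $path:" >&2
      echo "$offenders" >&2
      status=1
    fi
  done
  return "$status"
}

# Demo on a constructed temporary directory owned by the current user.
demo_dir=$(mktemp -d)
touch "$demo_dir/cache.db"
check_mounts "$(id -u)" "$demo_dir" && echo "preflight ok for uid $(id -u)"
rm -rf "$demo_dir"

# With the values from this page, the call would be:
#   check_mounts 555 "$HOST_PATH" && docker run -u 555 ...
```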