Storage Drivers

QScanner saves the image and creates a .tar output. This operation can be time-consuming if the image size is large. If you have a 'docker' or 'containerd' runtime installed and the image is pulled locally, you can avoid image saving by making use of the runtime's underlying 'overlay2'  or 'containerd-overlay' file system respectively.

For this, you can use --storage-driver <storage-driver-option> flag.

The following storage driver options are supported:

  • none:
    Doesn't use any storage driver.
    Option: --storage-driver none
    Performs actual image save for scanning. This is the 'default' storage driver option. To be used when the container runtime uses a storage driver that is not supported by QScanner. Refer to 'Supported Container Runtimes' topic.
  • docker-overlay2:
    Uses overlay2 file system for docker environment.
    Option: --storage-driver docker-overlay2

    Set the docker root path as shown below if the docker root directory path is not set to default ("/var/lib/docker)
    $ export DOCKER_ROOT_DIR=$CUSTOM_DOCKER_ROOT_DIR
    $ ./qscanner --pod <Qualys POD> --access-token <QUALYS_ACCESS_TOKEN> --storage-driver docker-overlay2 image centos:latest

  • crio-overlay:
    Uses overlay file system for cri-o environment.
    Option: --storage-driver crio-overlay  

    In the case of `crio-overlay`, you can override the default installation config using /etc/crio/crio.conf.
    By default, the Cri-O socket location is `/var/run/crio/crio.sock`.
    To use a non-default CRI-O socket - '/my/custom/runtime/dir/crio/crio.sock', run the following command.
    $ export XDG_RUNTIME_DIR=/my/custom/runtime/dir
    QScanner refers to the above default Cri-O socket path for creating a client. You can override this default path by using `XDG_RUNTIME_DIR` environment variable.
    For the custom root directory, set `CRIO_ROOT_DIR` in the environment variable
    For example,
    $ export CRIO_ROOT_DIR=$CUSTOM_DOCKER_ROOT_DIR
    $ ./qscanner --pod US2 --access-token $QUALYS_ACCESS_TOKEN --storage-driver crio-overlay image centos:latest
    In absence of custom root directory, QScanner refers to the default path `/var/lib/containers/storage`.

  • containerd-overlay:
    Uses overlay file system for containerd environment.
    For example,
    $ export CONTAINERD_ROOT_DIR=$CUSTOM_DOCKER_ROOT_DIR
    $ ./qscanner image --storage-driver containerd-overlay centos:latest

Currently, the --storage-driver flag works only with 'docker' and 'containerd' runtimes.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.