Scanning a Private Registry

You can scan an image present in a private or remote registry (JFrog, RedHat Quay, GHCR, and so on). The following registry flags are used for scanning a private registry image. Each flag can be set either with its command-line syntax or with its associated environment variable.

Registry Username
  Flag: --registry-username
  Environment Variable: QSCANNER_REGISTRY_USERNAME
  Usage: $ export QSCANNER_REGISTRY_USERNAME=<registry username>
  Description: Specify the registry username.

Registry Password
  Flag: --registry-password
  Environment Variable: QSCANNER_REGISTRY_PASSWORD
  Usage: $ export QSCANNER_REGISTRY_PASSWORD=<registry password>
  Description: Specify the registry password.

Registry Token
  Flag: --registry-token
  Environment Variable: QSCANNER_REGISTRY_TOKEN
  Usage: $ export QSCANNER_REGISTRY_TOKEN=<access-token>
  Description: Specify the registry token.

While using this authentication mechanism, the '--registry-username' and '--registry-password' flags and the QSCANNER_REGISTRY_USERNAME and QSCANNER_REGISTRY_PASSWORD environment variables should not be set.

Qualys recommends setting the registry flags using environment variables.

Use the following syntax to scan an image present in a private registry with a registry username and password.

$ export QUALYS_ACCESS_TOKEN=<access-token>
$ export QSCANNER_REGISTRY_USERNAME=<registry-username>
$ export QSCANNER_REGISTRY_PASSWORD=<registry-password>
$ ./qscanner --pod <POD Name> image <registry>/<repo>:<tag>
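
The rule that the registry token must not be combined with the username and password can be checked before the scanner is started. The following wrapper is an added example, not part of the Qualys documentation or tooling; the function names registry_auth_mode and scan_private_image are hypothetical, and it assumes that username and password are always supplied as a pair and that leaving all three variables unset means no registry credentials are sent.

```shell
#!/bin/sh
# Added example: pre-flight check for the QSCANNER_REGISTRY_* variables
# described on this page. Function names are hypothetical.

# Prints the auth mode ("token", "basic" or "none") and returns 0,
# or prints an error to stderr and returns 1 on a conflicting setup.
registry_auth_mode() {
    if [ -n "${QSCANNER_REGISTRY_TOKEN:-}" ]; then
        # Token auth: username/password should not be set alongside it.
        if [ -n "${QSCANNER_REGISTRY_USERNAME:-}" ] || [ -n "${QSCANNER_REGISTRY_PASSWORD:-}" ]; then
            echo "error: QSCANNER_REGISTRY_TOKEN is set together with username/password" >&2
            return 1
        fi
        echo token
        return 0
    fi
    if [ -n "${QSCANNER_REGISTRY_USERNAME:-}" ] && [ -n "${QSCANNER_REGISTRY_PASSWORD:-}" ]; then
        echo basic
        return 0
    fi
    # Assumption: a username without a password (or the reverse) is a mistake.
    if [ -n "${QSCANNER_REGISTRY_USERNAME:-}" ] || [ -n "${QSCANNER_REGISTRY_PASSWORD:-}" ]; then
        echo "error: registry username and password must be set together" >&2
        return 1
    fi
    # Assumption: nothing set means the scan runs without registry credentials.
    echo none
}

# Usage: scan_private_image <POD Name> <registry>/<repo>:<tag>
scan_private_image() {
    [ "$#" -eq 2 ] || { echo "usage: scan_private_image <pod> <image>" >&2; return 2; }
    [ -n "${QUALYS_ACCESS_TOKEN:-}" ] || { echo "error: QUALYS_ACCESS_TOKEN is not set" >&2; return 1; }
    mode=$(registry_auth_mode) || return 1
    echo "registry auth mode: $mode" >&2
    # Credentials stay in the environment; no secret is passed as an argument.
    ./qscanner --pod "$1" image "$2"
}
```

Source the file and call scan_private_image with the POD name and image reference after exporting the variables shown above.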