Release 4.2.0

September 24, 2024

What’s New?

Added Support for Operating Systems

QScanner now supports scanning images based on the following Operating Systems.

  • Amazon Linux 2023
  • Chainguard 
  • Photon 

Improved QScanner performance 

Improved QScanner performance by reducing the data handling requests with the help of bulk-insertion. Earlier, the requests were handled one at a time now, they are handled simultaneously. For large number of packages, the package insertion was a time-consuming operation. With the bulk insertion capability, QScanner has improved the performance for inserting large number of packages.

Change in Default Vulnerability Report

By default, QScanner used to generate vulnerability reports in 'JSON' and 'Tabular' formats. With this release, QScanner has changed the default report format to 'SARIF' and 'Tabular'. To see a SARIF report, refer to the 'Report Formats' topic in QScanner Online Help.

Improved Signature Evaluation for RPM Package Managers

With this release, QScanner will now be able to collect BuildTime and InstallTime for RPM package managers. This has improved the accuracy of the signature evaluation which is dependent on the 'BuildTime' and 'InstallTime' values. 

Issues Addressed

The following issue has been fixed with this release.

Category Issue
Data Collection Mode QScanner failed to access large tokens present in dpkg (Debian Package) status file which resulted in reporting of false QIDs.
Data Collection Mode When a non-root user executed QScanner, it failed to access the java-db.lock file.