QScanner Release 4.7.0 

December 02, 2025

With the QScanner 4.7.0 release, the following features are offered.

Improved Data Collection 

With this release, QScanner improves data collection for the following package managers:

  • APK
  • RPM
  • Bottlerocket 
  • DPKG

QScanner has also upgraded its Software Composition Analysis (SCA) by improving collection for the following software languages:

  • Java
  • Python
  • NodeJS

Improvement in Network Retries

QScanner now supports retries for all backend communications. Retries use exponential back-off after each failed attempt: by default, retries occur after 5s, 10s, 20s, 40s, 80s, 120s, and so on, up to 10 times. The exact behavior is specific to each endpoint, but at a high level the following parameters allow some customization:

  • --max-network-retries: Maximum number of retries to perform on retriable server errors, such as response codes 429, 500, 502, 503, and so on. For certain endpoints, QScanner also retries on other response codes. For example, it retries on 404 when fetching the vulnerability report and on 424 when fetching the policy evaluation result.
    If 0 is provided, no retries will be performed for any backend communication.
    Default value: 10
  • --network-retry-wait-min: Minimum duration to wait before attempting the first retry. Note that certain communications have an extra wait time before the first retry; for example, fetch-vuln-report waits for 15 seconds before trying to fetch the report.
    Default value: 5s
  • --network-retry-wait-max: Maximum interval between two consecutive retries.
    Default value: 2m0s

The previously available --poll-wait-interval and --poll-timeout flags have been deprecated. Use the flags listed above instead.
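
The retry schedule described above, as an added example (not QScanner's own code) for sizing a CI job timeout when the backend is unreachable. It assumes plain doubling from --network-retry-wait-min capped at --network-retry-wait-max with no jitter; the function names are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// retrySchedule lists the wait before each retry: start at waitMin, double after
// every failure, cap at waitMax. Assumption: no jitter; endpoints may differ.
func retrySchedule(maxRetries int, waitMin, waitMax time.Duration) []time.Duration {
	var waits []time.Duration
	wait := waitMin
	for i := 0; i < maxRetries; i++ {
		if wait > waitMax {
			wait = waitMax
		}
		waits = append(waits, wait)
		wait *= 2
	}
	return waits
}

// worstCaseWait parses flag-style values ("5s", "2m0s") and returns the total
// time spent waiting between attempts if every attempt fails. Request time and
// endpoint-specific delays before the first retry are not included.
func worstCaseWait(maxRetries int, minFlag, maxFlag string) (time.Duration, error) {
	waitMin, err := time.ParseDuration(minFlag)
	if err != nil {
		return 0, fmt.Errorf("--network-retry-wait-min: %w", err)
	}
	waitMax, err := time.ParseDuration(maxFlag)
	if err != nil {
		return 0, fmt.Errorf("--network-retry-wait-max: %w", err)
	}
	if maxRetries < 0 || waitMin <= 0 || waitMax < waitMin {
		return 0, fmt.Errorf("invalid retry settings: %d, %s, %s", maxRetries, waitMin, waitMax)
	}
	var total time.Duration
	for _, w := range retrySchedule(maxRetries, waitMin, waitMax) {
		total += w
	}
	return total, nil
}

func main() {
	total, err := worstCaseWait(10, "5s", "2m0s") // documented defaults
	fmt.Println(retrySchedule(10, 5*time.Second, 2*time.Minute))
	fmt.Println(total, err)
}
```

With the defaults the waits total 12m35s, before adding the 15-second delay that precedes fetch-vuln-report retries and the time the requests themselves take.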

Issues Addressed

The following issues have been fixed with this release.

Category            | Issue
SCA Scan Mode       | Scan remains in offline mode after fallback, affecting subsequent scans.
Post Scan Operation | Temporary artifacts on Host were not getting deleted after interrupting a scan.