QScanner Release 4.8.0
February 27, 2026
With the QScanner 4.8.0 release, the following features are offered.
- Automating QScanner Version Updates
- Support for MacOS (darwin-arm64)
- 'Overlayfs' Storage Driver Support for Docker
- Added Support for Operating Systems
- Support for a Scan Type - File Insight
- Improvement in Static Image Scan
- Renaming of Policy Evaluation Argument
Automating QScanner Version Updates
With this release, QScanner introduces a new command - 'update' - to help you stay on the latest version effortlessly.
QScanner must be connected to the internet for the 'update' command to work. Hence, this command won't work in an air-gapped environment.
The newly downloaded QScanner binary gets downloaded in your current directory as '../<latest-version>/. You can customise the download path with the help of '--destination' argument.
Additionally, after every 7 days, during a regular scan, QScanner now checks for the latest version when '--perform-version-check' is set to 'true'. It shows the latest available version in your environment on the console.
A newer qscanner version (v4.8.0) is available. Run './qscanner update' to download latest version
Support for MacOS (darwin-arm64)
QScanner now supports scanning images on MacOS systems running both Intel (Darwin) and Apple Silicon (ARM64 – M1, M2, etc.) processors, improving compatibility with modern Mac development and CI/CD environments.
With this enhancement, QScanner now supports the following architectures.
- Linux x86_64
- Linux ARM64
- Darwin AMD64
- Darwin ARM64
QScanner supports 'remote' as well as 'local' image scanning. On a MacOS host, remote image scanning is supported with Podman Desktop and Docker Desktop. Currently, QScanner does not support a storage driver (--storage-driver) on MacOS.
'Overlayfs' Storage Driver Support for Docker
Along with 'overlay2' file system, QScanner now supports 'overlayfs (containerd snapshotter) for Docker environment. Many modern container runtimes and Docker configurations—especially on lightweight Linux distributions, and VM‑based CI runners—use overlayfs using snapshotter interfaces. With the overlayfs storage driver support, QScanner now supports such modern configurations.
The 'overlayfs' storage driver is supported in all QScanner modes. To know more, refer to QScanner Online Help.
Supported Storage Drivers by QScanner
| Runtime | Storage Driver |
|---|---|
| Docker | docker-overlayfs |
| docker-overlay2 | |
| Containerd | containerd-overlay |
| Crio | crio-overlay |
| Podman | podman-overlay |
Added Support for new Operating Systems and Package Manager
QScanner v4.8.0 expands the coverage for OS of scan targets by introducing support for:
OS
- BellSoft Alpaquita Linux - A minimal, secure distro optimized for production workloads.
- Arch Linux - A highly customizable, advanced-user distro with rolling updates.
Package Manager
- Pacman - The default package manager for Arch Linux.
To know about all supported OSs, refer to QScanner Online Help.
Support for a new Scan Type - File Insight
Earlier, QScanner enabled its support for OS, SCA, and Secret scans on images. With this release, QScanner offers the 'File Insight' scan for images.
The File Insight scan collects detailed metadata of files encountered during scans based on configured rules. The scan captures attributes such as file path, size, permissions, hashes, MIME type, origin layer (for images), and executable metadata (ELF/PE). By default, OS-installed system files are excluded from results.
With this release, the File Insight scan is enabled by default.
Usage: --scan-types <scan type>
Default values: pkg, fileinsight
Improvement in Static Scan on Container Image
QScanner performs a Static scan of the target to collect different types of information based on the scan types that have been specified by you. Scans to perform can be specified using '--scan-types' flag and can have multiple values like 'pkg' and 'secret'.
--scan-types pkg,secret
QScanner has improved the data collection for Static Scan on container images. This, in turn, has improved the accuracy of a Static Scan.
Renaming Policy Evaluation Argument
With this release, QScanner is deprecating the '--tags' argument. Policy evaluation was based on such tags. Instead, you are requested to use the newly introduced '--policy-tags' argument. The purpose remains the same.
| Old Argument | New Argument |
|---|---|
| --tags | --policy-tags |
Issues Addressed
The following issues have been fixed with this release.
| Category | Issue |
|---|---|
| Reporting | QScanner failed to detect some of the QIDs associated with OS. |
| Scan | QScanner failed to scan images with stripped history. |