Configure QCSA Image

Before proceeding with this step, ensure that the Shared and Private directories are created on the Linux Host:

  1. Download QCSA Image
  2. Configure QCSA Image in Docker Host

Download QCSA Image

To create a QCSA Containerized Scanner, you need a QCSA image. To download QCSA image, perform the following steps.

  1. Log into the Qualys Enterprise TruRisk™ Platform.
  2. Choose the Vulnerability Management application.
  3. Go to Scans > Appliance.
  4. Select New > Containerized Scanner Appliance.
  5. Click Download Image Only.
  6. Select Download option in File Location for Docker Container in Distribution Package

    The file is downloaded with the name QCSA-x.x.x.tar.xz

    Containerized Scanner Appliances.

Configure QCSA Image in Docker Host 

  1. Copy the downloaded QCSA file on docker the host.
  2. Load the QCSA image from QCSA-x.x.x.tar.xz using the following command:

    docker load <qcsa-x.x.x.tar.xz

    Sample

    [root@localhost ~]# docker load < qcsa-1.2.14-1.tar.xz
cb97a8a5516f: Loading layer [==================================================>]  258.5MB/258.5MB
c23a8cb0ebde: Loading layer [==================================================>]  3.584kB/3.584kB
2e944a244219: Loading layer [==================================================>]  10.24kB/10.24kB
417c906b6960: Loading layer [==================================================>]  438.3kB/438.3kB
b8482ffa5c32: Loading layer [==================================================>]  86.64MB/86.64MB
6691426f6723: Loading layer [==================================================>]  25.09kB/25.09kB
4aeed0e93e54: Loading layer [==================================================>]  1.992MB/1.992MB
992cf61a6f0b: Loading layer [==================================================>]   2.56kB/2.56kB
cdfd11e805d2: Loading layer [==================================================>]   2.56kB/2.56kB
934be6ed065e: Loading layer [==================================================>]  13.33MB/13.33MB
48534e9e1084: Loading layer [==================================================>]  157.6MB/157.6MB
Loaded image: localhost/qualys/qcsa:latest
[root@localhost ~]#
  3. Check the image on the docker host using the following command:
    docker image ls

    Sample

    [root@localhost ~]# docker image ls
REPOSITORY              TAG       IMAGE ID       CREATED        SIZE
localhost/qualys/qcss   latest    127b3c09cd21   3 months ago   424MB
[root@localhost ~]#
 

  • The sample commands utilize Docker Engine as the container runtime, but they can also be executed using Podman.

  • The default PID limit (total number of processes and threads to run inside a container) for Podman is 2048. If the Docker host already has active processes, this limit may prevent the QCSA containerized scanner from running larger scans. To avoid this restriction when using Podman, we recommend running the QCSA containerized scanner with the '--pid-limit -1' option.

For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.

Next Step

Step 2: Generate Personalization Code

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.