Configure QCSA Image
Before proceeding with this step, ensure that the Shared and Private directories are created on the Linux Host:
Download QCSA Image
To create a QCSA Containerized Scanner, you need a QCSA image. To download the QCSA image, perform the following steps.
- Log into the Qualys Enterprise TruRisk™ Platform.
- Choose the Vulnerability Management application.
- Go to Scans > Appliance.
- Select New > Containerized Scanner Appliance.
- Click Download Image Only.
- Select the Download option in the File Location for Docker Container in the Distribution Package.
The file is downloaded with the name QCSA-x.x.x.tar.xz
Configure QCSA Image in Linux Host
- Copy the downloaded QCSA file to the Linux host.
- Load the QCSA image from QCSA-x.x.x.tar.xz using the following command:
docker load
<qcsa-x.x.x.tar.xz
Sample
[root@localhost ~]# docker load < qcsa-1.2.14-1.tar.xz cb97a8a5516f: Loading layer [==================================================>] 258.5MB/258.5MB c23a8cb0ebde: Loading layer [==================================================>] 3.584kB/3.584kB 2e944a244219: Loading layer [==================================================>] 10.24kB/10.24kB 417c906b6960: Loading layer [==================================================>] 438.3kB/438.3kB b8482ffa5c32: Loading layer [==================================================>] 86.64MB/86.64MB 6691426f6723: Loading layer [==================================================>] 25.09kB/25.09kB 4aeed0e93e54: Loading layer [==================================================>] 1.992MB/1.992MB 992cf61a6f0b: Loading layer [==================================================>] 2.56kB/2.56kB cdfd11e805d2: Loading layer [==================================================>] 2.56kB/2.56kB 934be6ed065e: Loading layer [==================================================>] 13.33MB/13.33MB 48534e9e1084: Loading layer [==================================================>] 157.6MB/157.6MB Loaded image: localhost/qualys/qcsa:latest [root@localhost ~]#
- Check the image on the Linux host using the following command:
docker image lsSample
[root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE localhost/qualys/qcss latest 127b3c09cd21 3 months ago 424MB [root@localhost ~]#
-
The sample commands utilize Docker Engine as the container runtime, but they can also be executed using Podman.
-
A low cgroups PID limit (total number of processes and threads to run inside a container) on a Linux host may prevent the QCSA containerized scanner from executing larger scans. Running Containerized scanner with option
'--pids-limit -1'
, this pids limit can be removed, or running containerized scanner with option'
-e DISREGARD_PID_LIMIT=yes'
will override the pids limit check.
For detailed information on the QCSA command parameters used in examples, refer to Containerized Command Components.