Qualys Containerized Scanner Appliance

Release v1.2

Updated on: April 25, 2025

The Qualys Containerized Scanner Appliance(QCSA) allows users to deploy a Qualys scanner as a container. By utilizing the QCSA Docker image along with a Qualys subscription plan, users can create multiple Containerized Scanners. QCSA leverages the advantage of Docker's benefits, including faster deployment, enhanced efficiency, and optimized resource management. Additionally, it supports the same and automatic updates as the Qualys Virtual Scanner Appliances.

QCSA Features 

The QCSA offers the following features:

  • Supports scanning for Vulnerability Management (VM), Policy Compliance (PC), Web Application Scanning (WAS), MAP Scans.
  • Scan status and reports for supported scan types are accessible from the Qualys Enterprise TruRisk™ Platform.

  • Supports Docker Engine and Podman as container runtimes, both in rootful mode.

  • Supports proxy configuration.
  • Supports host networking.
  • Supports IPv6 Networking.
  • Allows creating multiple containerized scanners on one Linux Host, as long as the total resources allocated to the containerized scanner are within the Linux Host's resource limit. 
  • Supports running in 64-bit mode exclusively when 32-bit binary execution is disabled on the Linux Host. 
  • The containerized scanner in 64bit only mode limits support for certain target technologies within its scanning capabilities.
  • Avoid over-committing resources, as it can cause the container or host to malfunction. For example, if you over-commit swap, insufficient swap space on the host may result in the guest operating systems being forcibly shut down, rendering them inoperable.
  • The default PID limit (total number of processes and threads to run inside a container) for Podman is 2048. If the Docker host already has active processes, this limit may prevent the QCSA containerized scanner from running larger scans. To avoid this restriction when using Podman, we recommend running the QCSA containerized scanner with the '--pid-limit -1' option.

The current version of QCSA has a few limitations. For details, see Limitations.