Tag Archives: QScanner

Qualys released QScanner – a console vulnerability scanner for container images

Qualys released QScanner - a console vulnerability scanner for container images

Qualys released QScanner – a console vulnerability scanner for container images. Feed it an image and get a list of vulnerabilities (a la Trivy).

It supports:

“Local Runtimes: Scan images from Docker, Containerd, or Podman.
Local Archives: Analyze Docker images or OCI layouts from local files.
Remote Registries: Connect to AWS ECR, Azure Container Registry, JFrog, GHCR, and more.”

Capabilities:

🔹 Detects OS package vulnerabilities
🔹 Software Composition Analysis (SCA) for Ruby, Rust, PHP, Java, Go, Python, .NET and Node.js applications.
🔹 Detects secrets (passwords, API keys and tokens)

But it’s not free. 🤷‍♂️💸🙂 All cases, except SBOM generation, require ACCESS_TOKEN and Platform POD. QScanner is the interface of Qualys Container Security module.

It can be used for:

🔸 scanning local images on developers’ desktops
🔸 integration into CI/CD pipelines
🔸 integration with registries

The concept is interesting. 👍

На русском