Enumerate every LXC container and QEMU VM on a Proxmox node, inject the collector, scan, and collect all results into a single directory. One script, full infrastructure coverage.
pct list. Push the collector, run the scan, pull results.#!/usr/bin/env bash
set -euo pipefail
RESULTS=/tmp/vg-results
mkdir -p "$RESULTS"
VG_BIN=./version_gopher-linux-x64
echo "[*] Scanning LXC containers..."
pct list | awk 'NR > 1 {print $1}' | while read -r CTID; do
echo "[*] CT $CTID"
pct start "$CTID" 2>/dev/null || true
pct exec "$CTID" -- mkdir -p \
/opt/versiongopher /var/tmp/versiongopher
pct push "$CTID" "$VG_BIN" \
/opt/versiongopher/version_gopher \
--perms 0755 --user 0 --group 0
pct exec "$CTID" -- /bin/sh -lc \
"/opt/versiongopher/version_gopher -d /usr/bin \
-o /var/tmp/versiongopher/scan -j"
pct pull "$CTID" \
/var/tmp/versiongopher/scan.jsonl \
"$RESULTS/ct-${CTID}-scan.jsonl"
done
qm list. Skip VMs without a working guest agent.echo "[*] Scanning QEMU VMs..."
qm list | awk 'NR > 1 {print $1}' | while read -r VMID; do
echo "[*] VM $VMID"
qm start "$VMID" 2>/dev/null || true
# Skip VMs without a working guest agent
if ! qm agent "$VMID" ping >/dev/null 2>&1; then
echo "[!] VM $VMID: no guest agent, skipping"
continue
fi
qm guest exec "$VMID" -- /bin/sh -lc \
"mkdir -p /opt/versiongopher /var/tmp/versiongopher"
# Assumes collector is pre-staged in VM or template.
# For injection options, see the Proxmox VM guide.
qm guest exec "$VMID" --timeout 0 -- /bin/sh -lc \
"/opt/versiongopher/version_gopher -d /usr/bin \
-o /var/tmp/versiongopher/scan -j"
qm guest exec "$VMID" -- /bin/sh -lc \
"cat /var/tmp/versiongopher/scan.jsonl" \
| jq -r '."out-data"' \
> "$RESULTS/vm-${VMID}-scan.jsonl"
done
echo "[*] All results in $RESULTS/"
ls -la "$RESULTS/"
*.jsonl files through the dashboard with
Import > Upload File. For large fleets, import completion can finish before background
CVE matching is current, so use the Files With CVEs readiness state before treating CVE totals as final.