Docker - Vulnerability Scanning Tools - Clair
Clair is an open-source project for the static analysis of vulnerabilities in application containers.
- Clair analyzes container images and compares them against known vulnerabilities.
Usage
clair-scanner --ip <IP> <image-name>
NOTE: Pass the IP of the Clair server along with the Docker image to analyze.
Install
git clone git@github.com:quay/clair.git
cd clair
docker-compose up -d
# or: make local-dev
# or: make local-dev-debug
# or: make local-dev-quay
NOTE: After the local development environment successfully starts, the following infrastructure is available to you:
- localhost:8080: Dashboards and debugging services. See the traefik configs in local-dev/traefik for where the various services are served.
- localhost:6060: Clair services.
- Quay (if started): Quay will be started in a single node, local storage configuration. A random port will be forwarded from localhost; see podman port for the mapping.
- PostgreSQL: PostgreSQL will have a random port forwarded from localhost to the database server. See local-dev/clair/init.sql for credentials and permissions and podman port for the mapping.
docker/vulnerability_scanning_tools/clair.1747824263.txt.gz · Last modified: 2025/05/21 10:44 by peter