Github url

clair

by quay

quay /clair

Vulnerability Static Analysis for Containers

6.8K Stars 852 Forks Last release: about 1 month ago (v2.1.4) Other 1.0K Commits 41 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Clair

Build StatusDocker Repository on QuayGo Report CardGoDocIRC Channel

Note: The

master

branch may be in an unstable or even broken state during development. Please use releases instead of the

master

branch in order to get stable binaries.

Clair Logo

Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

  1. In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database.
  2. Clients use the Clair API to index their container images; this creates a list of features present in the image and stores them in the database.
  3. Clients use the Clair API to query the database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
  4. When updates to vulnerability metadata occur, a notification can be sent to alert systems that a change has occurred.

Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named

Clair

after the French term which translates to clear, bright, transparent.

Getting Started

Community

Contributing

See CONTRIBUTING for details on submitting patches and the contribution workflow.

License

Clair is under the Apache 2.0 license. See the LICENSE file for details.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.