Skip to content
/ clair-docker Public

Deployment-ready docker configuration and instructions to use Quay Clair on your infrastructure and CIs

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

flavienbwk/clair-docker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
clair_config
clair_config
 
 
scan
scan
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
scan.docker-compose.yml
scan.docker-compose.yml
 
 

Repository files navigation

clair-docker

Deployment-ready docker configuration and instructions to use Quay Clair on your infrastructure and CIs

Start Clair server

Run the following command, then wait about 5 minutes the time Clair indexes all CVEs.

docker-compose up -d

Scanning an image

Use the utility container I've provided to easily scan an image, including one from a private registry.

  1. Check the env variables of scan.docker-compose.yml

  2. Run the scan !

    docker-compose -f scan.docker-compose.yml up

Updating for air-gapped systems

  1. On internet-connected machine :
clairctl --config clair_config/config.yml export-updaters updates.gz

ℹ️ The archive will be ~8.5Gb

  1. Transfer the updates.gz archive and run :
clairctl import-updaters http://web.svc/updates.gz
  1. Matcher processes should have the disable_updaters key set to disable automatic updaters running.
matcher:
  disable_updaters: true

About

Deployment-ready docker configuration and instructions to use Quay Clair on your infrastructure and CIs

Topics

docker security continuous-integration clair docker-rootless

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages