Clair

Clair

github.com

1

About this website

Clair is an open-source project for the static analysis of vulnerabilities in application containers (Docker and OCI). Originally developed by Red Hat for the Quay container registry (hence the repository path quay/clair), Clair has been adopted by multiple container registries and security tools. With over 10,000 stars as of 2026, Clair provides vulnerability scanning for container images by indexing the contents of images (extracting package information from the image layers) and matching them against known vulnerability databases. Key features include: layer-by-layer indexing (extracting package metadata from each image layer without running the container, supporting package managers including dpkg/apt for Debian-based, rpm/yum/dnf for RPM-based, apk for Alpine, and portage for Gentoo), vulnerability database sources (fetching vulnerability data from multiple advisory providers including NIST National Vulnerability Database, Debian Security Bug Tracker, Ubuntu CVE Tracker, Red Hat Security Data API, Oracle Linux Security Data, Alpine SecDB, AWS Linux Security Advisories, SUSE Security Data, and OSV), indexer and matcher microservices (separating the indexing of image contents from the matching of vulnerabilities, enabling independent scaling and caching), notification system (webhook-based notifications when new vulnerabilities affecting indexed images are discovered), RESTful API (enabling programmatic image scanning, report retrieval, and vulnerability queries), gRPC API (for high-performance internal communication), PostgreSQL backend (storing indexed data, vulnerability reports, and notification state), configurable update intervals (controlling how often vulnerability databases are refreshed), and integration with container registries (Quay, Harbor, and custom registries via the Clair API). Clair is written in Go.

Tags & Categories

Categories

Tags

Statistics

1
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!