Clair is an open source project from CoreOS, designed to scan Docker images for security vulnerabilities.
In this scenario you will learn how to deploy Clair and scan Docker images from the Docker Hub and private registries for known vulnerabilities.
Scan Images for Vulnerabilities with CoreOS Clair
Step 1 - Deploy Postgres
Download Clair's Docker Compose File and Config
Clair requires a Postgres instance for storing the CVE data, along with the Clair service itself, which scans Docker images for vulnerabilities. Both are defined within a Docker Compose file. Download it with the command below:
curl -LO https://raw.githubusercontent.com/coreos/clair/05cbf328aa6b00a167124dbdbec229e348d97c04/contrib/compose/docker-compose.yml
The Clair configuration defines how images should be scanned. Download it with:
mkdir clair_config && curl -L https://raw.githubusercontent.com/coreos/clair/master/config.yaml.sample -o clair_config/config.yaml
Set the version of Clair to the last stable release, and point the configuration at the postgres host with the default database password:
sed 's/clair-git:latest/clair:v2.0.1/' -i docker-compose.yml && \
sed 's/host=localhost/host=postgres password=password/' -i clair_config/config.yaml
Start the database with the command below:
docker-compose up -d postgres
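sed exits successfully even when its pattern matches nothing, and config.yaml.sample is fetched from the master branch, so the two substitutions above can silently stop applying if the upstream files change. The check below is an added example, not part of the original scenario or the Clair project; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that the two sed edits from this step changed the files.

# check_clair_setup COMPOSE_FILE CONFIG_FILE
# Returns 0 when both files carry the expected edits, 1 otherwise.
check_clair_setup() {
    compose=$1 config=$2 rc=0
    if ! grep -q 'clair:v2\.0\.1' "$compose"; then
        echo "FAIL: $compose does not reference clair:v2.0.1" >&2; rc=1
    fi
    if grep -q 'clair-git:latest' "$compose"; then
        echo "FAIL: $compose still uses the floating clair-git:latest tag" >&2; rc=1
    fi
    if ! grep -q 'host=postgres password=' "$config"; then
        echo "FAIL: $config has no host=postgres connection string" >&2; rc=1
    fi
    if grep -q 'host=localhost' "$config"; then
        echo "FAIL: $config still points at host=localhost" >&2; rc=1
    fi
    return $rc
}

# apply_step_edits COMPOSE_FILE CONFIG_FILE
# Same substitutions as the step's sed commands, written without -i
# so they run on any POSIX sed.
apply_step_edits() {
    sed 's/clair-git:latest/clair:v2.0.1/' "$1" > "$1.new" && mv "$1.new" "$1"
    sed 's/host=localhost/host=postgres password=password/' "$2" > "$2.new" && mv "$2.new" "$2"
}

# make_sample_files DIR
# Constructed stand-ins for the two downloaded files (not the real contents).
make_sample_files() {
    printf 'services:\n  clair:\n    image: quay.io/coreos/clair-git:latest\n' \
        > "$1/docker-compose.yml"
    printf 'clair:\n  database:\n    options:\n      source: host=localhost port=5432 user=postgres sslmode=disable\n' \
        > "$1/config.yaml"
}

# Demo on the constructed files: the check fails before the edits, passes after.
demo_dir=$(mktemp -d)
make_sample_files "$demo_dir"
check_clair_setup "$demo_dir/docker-compose.yml" "$demo_dir/config.yaml" 2>/dev/null \
    || echo "before edits: not ready"
apply_step_edits "$demo_dir/docker-compose.yml" "$demo_dir/config.yaml"
check_clair_setup "$demo_dir/docker-compose.yml" "$demo_dir/config.yaml" \
    && echo "after edits: ready"
rm -rf "$demo_dir"
```

In the scenario directory the equivalent call is check_clair_setup docker-compose.yml clair_config/config.yaml.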
In the next step we'll populate the database.