Clair v4.0.0 RC17 released: Vulnerability Static Analysis for Containers
- At regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database.
- Clients use the Clair API to index their container images; this creates a list of features present in the image and stores them in the database.
- Clients use the Clair API to query the database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
- When updates to vulnerability metadata occur, a notification can be sent to alert systems that a change has occurred.
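The workflow in the list above as a toy in-memory model, added here as an example and not taken from Clair's code. `Store`, `Index`, `Update` and `Report` are hypothetical names, exact-version matching is an assumption, and the digests, packages and advisory ID are constructed.

```go
package main

import "fmt"

// Feature is a package found in an image, scoped by a namespace (e.g. an OS release).
type Feature struct{ Namespace, Name, Version string }

// Store stands in for Clair's database (hypothetical type, not Clair's schema).
type Store struct {
	features map[string][]Feature // image digest -> features recorded at index time
	images   map[Feature][]string // feature -> digests of indexed images containing it
	vulns    map[Feature][]string // feature -> IDs of advisories affecting it
	Scans    int                  // how many times image contents were analysed
}
func NewStore() *Store {
	return &Store{map[string][]Feature{}, map[Feature][]string{}, map[Feature][]string{}, 0}
}

// Index records an image's features once; a repeat call for the same digest does no work.
func (s *Store) Index(digest string, found []Feature) {
	if _, done := s.features[digest]; done {
		return
	}
	s.features[digest], s.Scans = found, s.Scans+1
	for _, f := range found {
		s.images[f] = append(s.images[f], digest)
	}
}

// Update ingests one advisory and returns the already-indexed images to notify about.
func (s *Store) Update(id string, affects Feature) []string {
	s.vulns[affects] = append(s.vulns[affects], id)
	return s.images[affects]
}

// Report correlates stored features with the current advisories at request time.
func (s *Store) Report(digest string) (ids []string) {
	for _, f := range s.features[digest] {
		ids = append(ids, s.vulns[f]...)
	}
	return ids
}

func main() {
	s := NewStore()
	s.Index("sha256:constructed-a", []Feature{{"debian:10", "openssl", "1.1.1d"}})
	fmt.Println(s.Update("EXAMPLE-0001", Feature{"debian:10", "openssl", "1.1.1d"}))
	fmt.Println(s.Report("sha256:constructed-a"), s.Scans)
}
```

The report changes after `Update` even though the image was analysed only once, which is why an advisory published after indexing still surfaces without a rescan.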
Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear, bright, transparent.
- Container – the execution of an image
- Image – a set of tarballs that contain the filesystem contents and run-time metadata of a container
- Layer – one of the tarballs used in the composition of an image, often expressed as a filesystem delta from another layer
Specific to Clair
- Ancestry – the Clair-internal representation of an Image
- Feature – anything that, when present in a filesystem, could be an indication of a vulnerability (e.g. the presence of a file or an installed software package)
- Feature Namespace (featurens) – a context around features and vulnerabilities (e.g. an operating system or a programming language)
- Vulnerability Source (vulnsrc) – the component of Clair that tracks upstream vulnerability data and imports it into Clair’s database
- Vulnerability Metadata Source (vulnmdsrc) – the component of Clair that tracks upstream vulnerability metadata and associates it with vulnerabilities in Clair’s database
Changelog v4.0 RC17
- 37f7791: claircore bump v0.1.13
- d2bc2b6: remove deprecated set-env commands
- 0cfda4d: update documentation action
- 49e01d6: fix container build
- 2363778: add environment variables for clairctl
- dc4bda4: add Makefile target to build docs website
- 15b607a: add pgadmin4 container
- 673bd0f: fix poller loop
Copyright (C) 2015 coreos