Clair

Vulnerability Static Analysis for Containers

Clair

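Note: The master branch may be in an unstable or even broken state. Please use releases instead of the master branch to get stable binaries.

Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

  1. At regular intervals, Clair pulls vulnerability metadata from a configured set of sources and stores it in the database.
  2. Clients use the Clair API to index their container images; this creates a list of the features present in the image and stores them in the database.
  3. Clients use the Clair API to query the database for the vulnerabilities of a particular image; vulnerabilities and features are correlated for each request, which avoids rescanning images.
  4. When vulnerability metadata is updated, a notification can be sent to alert systems that a change has occurred.

Our goal is to enable a more transparent view of the security of container-based infrastructure. The project was therefore named after the French term Clair, which means clear, bright, transparent.

Getting Started

Community

Contributing

See "Contributing" for details on submitting patches and the contribution workflow.

License

Clair is under the Apache 2.0 license. See the LICENSE file for details.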

(First edition: vz edited at 2019.08.24)

Main metrics

Overview
Name With Owner: quay/clair
Primary Language: Go
Program language: Go (Language Count: 5)
Platform: Docker, Kubernetes, Linux
License: Apache License 2.0

Owner activity
Created At: 2015-11-13 18:46:16
Pushed At: 2025-04-22 15:26:18
Last Commit At
Release Count: 134
Last Release Name: v4.8.0 (Posted on 2024-10-09 11:53:11)
First Release Name: v0.0.1 (Posted on )

User engagement
Stargazers Count: 10.6k
Watchers Count: 228
Fork Count: 1.2k
Commits Count: 2.1k
Has Issues Enabled
Issues Count: 665
Issue Open Count: 9
Pull Requests Count: 1191
Pull Requests Open Count: 21
Pull Requests Close Count: 265

Project settings
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private

Clair

Note: The master branch may be in an unstable or even broken state during development.
Please use releases instead of the master branch in order to get stable binaries.

Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

  1. In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database.
  2. Clients use the Clair API to index their container images; this creates a list of features present in the image and stores them in the database.
  3. Clients use the Clair API to query the database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
  4. When updates to vulnerability metadata occur, a notification can be sent to alert systems that a change has occurred.

Our goal is to enable a more transparent view of the security of container-based infrastructure.
Thus, the project was named Clair after the French term which translates to clear, bright, transparent.

Getting Started

Community

Contributing

See CONTRIBUTING for details on submitting patches and the contribution workflow.

License

Clair is under the Apache 2.0 license. See the LICENSE file for details.