{"id":22018524,"url":"https://github.com/flavienbwk/clair-docker","last_synced_at":"2026-04-13T22:33:17.641Z","repository":{"id":124243295,"uuid":"420445120","full_name":"flavienbwk/clair-docker","owner":"flavienbwk","description":"Deployment-ready docker configuration and instructions to use Quay Clair on your infrastructure and CIs","archived":false,"fork":false,"pushed_at":"2022-01-22T23:23:17.000Z","size":30,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-23T09:35:27.099Z","etag":null,"topics":["clair","continuous-integration","docker","docker-rootless","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flavienbwk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-23T15:07:53.000Z","updated_at":"2023-10-23T05:19:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"b781fc21-8c9a-45ef-a16c-4236c03e63d7","html_url":"https://github.com/flavienbwk/clair-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/flavienbwk/clair-docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavienbwk%2Fclair-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavienbwk%2Fclair-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavienbwk%2Fclair-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavienbwk%2Fclair-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flavienbwk","download_url":"https://codeload.github.com/flavienbwk/clair-docker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flavienbwk%2Fclair-docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31774028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T20:17:16.280Z","status":"ssl_error","status_checked_at":"2026-04-13T20:17:08.216Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clair","continuous-integration","docker","docker-rootless","security"],"created_at":"2024-11-30T05:12:27.876Z","updated_at":"2026-04-13T22:33:17.634Z","avatar_url":"https://github.com/flavienbwk.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# clair-docker\n\n[![Linux build of clair-docker](https://github.com/flavienbwk/clair-docker/actions/workflows/main.yml/badge.svg)](https://github.com/flavienbwk/clair-docker/actions/workflows/main.yml)\n\nDeployment-ready docker configuration and instructions to use Quay Clair on your infrastructure and CIs\n\n\u003e 🌟 If this repo helped you please leave a star !  \n\u003e :smiley: Suggestions and feedbacks are [highly appreciated](https://github.com/flavienbwk/clair-docker/issues/new)\n\n## Start Clair server\n\nRun the following command, then wait about 5 minutes the time Clair indexes all CVEs.\n\n```bash\ndocker-compose up -d\n```\n\n## Scanning an image\n\nUse the utility container I've provided to easily scan an image, including one from a private registry.\n\n1. Check the env variables of [scan.docker-compose.yml](./scan.docker-compose.yml)\n\n2. Run the scan !\n\n    ```bash\n    docker-compose -f scan.docker-compose.yml up\n    ```\n\n    You can try this vulnerable image : `quay.io/noseka1/deep-dive-into-clair`\n\n## Integrating with your CI\n\n1. Build the scan image and tag it\n\n    ```bash\n    docker build ./scan -t ghcr.io/flavienbwk/clair-docker/quay-clair-scan:v4.3.0\n    ```\n\n2. Push the image to your registry\n\n3. Adapt the following command to your CI\n\n    ```bash\n    docker run --rm -e IMAGE_NAME=\"node:10-alpine\" -e CLAIR_ENDPOINT=\"http://172.17.0.1:6060\" -e REGISTRY_ENDPOINT=\"\" -e REGISTRY_USERNAME=\"\" -e REGISTRY_PASSWORD=\"\" --privileged --network=\"host\" -it ghcr.io/flavienbwk/clair-docker/quay-clair-scan:v4.3.0\n    echo \"Exit code : $?\"\n    ```\n\n## Updating for air-gapped systems\n\nYou must first have a connected Clair cluster initialized to perform the following actions\n\n1. On internet-connected machine :\n\n    ```bash\n    clairctl --config clair_config/config.yml export-updaters updates.json\n    gzip updates.json\n    ```\n\n    :information_source: The **gz** file will be ~8.5Gb\n\n2. Move the `updates.json.gz` archive in the `clair_config/` directory and run update :\n\n    ```bash\n    mv updates.json.gz clair_config/\n    docker exec -it $(docker-compose ps -q | head -1) bash\n\n    # Inside the `clair` container\n    cd /config \u0026\u0026 clairctl import-updaters updates.json.gz\n    ```\n\n3. Matcher processes should have the disable_updaters key set to disable automatic updaters running.\n\n    ```yml\n    matcher:\n        disable_updaters: true\n    ```\n\n## Learn more\n\nTo learn more about Quay Clair, I recommend you :\n\n- The [official Clair documentation](https://quay.github.io/clair/)\n- Ales Nosek's video [\"Deeping Dive into Image Vulnerabillity\"](https://www.youtube.com/watch?v=kLpEbUBn06A)\n\nWarning : GitLab 14+ [deprecated Clair in favor of Trivy](https://about.gitlab.com/blog/2021/06/04/gitlab-moving-to-14-breaking-changes/#container-scanning-engine-clair-removal)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflavienbwk%2Fclair-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflavienbwk%2Fclair-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflavienbwk%2Fclair-docker/lists"}