Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/quay/clair

Vulnerability Static Analysis for Containers
https://github.com/quay/clair

clair containers docker go kubernetes oci oci-image static-analysis vulnerabilities

Last synced: 7 days ago
JSON representation

Vulnerability Static Analysis for Containers

Host: GitHub
URL: https://github.com/quay/clair
Owner: quay
License: apache-2.0
Created: 2015-11-13T18:46:16.000Z (almost 9 years ago)
Default Branch: main
Last Pushed: 2024-04-26T21:17:05.000Z (6 months ago)
Last Synced: 2024-04-27T05:00:23.118Z (6 months ago)
Topics: clair, containers, docker, go, kubernetes, oci, oci-image, static-analysis, vulnerabilities
Language: Go
Homepage: https://quay.github.io/clair/
Size: 33.2 MB
Stars: 10,041
Watchers: 228
Forks: 1,151
Open Issues: 30
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: code-of-conduct.md
- Codeowners: CODEOWNERS
- Roadmap: ROADMAP.md

Awesome Lists containing this project

awesome-DevOpsSec - Clair - Vulnerability Static Analysis for Containers (Tools / Kubernetes)
awesome-containerized-security - clair
Self-Hosting-Guide - Clair - spec/blob/master/spec.md) and [Docker](https://github.com/docker/docker/blob/master/image/spec/v1.2.md)). (Tools for Self-Hosting / Containers)
awesome-devsecops - Clair - _Red Hat_ - Scan App Container and Docker containers for publicly disclosed vulnerabilities. (Tools / Infrastructure as Code Analysis)
DevSecOps - https://github.com/quay/clair - the-badge) | (Containers)
awesome - quay/clair - Vulnerability Static Analysis for Containers (Go)
awesome-repositories - quay/clair - Vulnerability Static Analysis for Containers (Go)
awesome-cloud-security - Quay - Clair
awesome-software-supply-chain-security - quay/clair: Vulnerability Static Analysis for Containers
awesome-starred - quay/clair - Vulnerability Static Analysis for Containers (kubernetes)
awesome-docker - Clair - Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][coreos] (Container Operations / Security)
awesome-golang-repositories - clair
awesome-docker-security - Clair - Vulnerability Static Analysis to discovering Common Vulnerability Exposure (CVE) on containers and can integrate with CI like Gitlab CI which included on their [template](https://docs.gitlab.com/ee/user/application_security/container_scanning/). (Tools / Container Scanning)
awesome-cloud-security - 地址
awesome-devsecops-russia - Clair
awesome-hacking-lists - quay/clair - Vulnerability Static Analysis for Containers (Go)
awesome-docker - Clair - Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. By [@coreos][coreos] (Container Operations / Security)
awesome-software-supply-chain-security - Clair - ![GitHub stars](https://img.shields.io/github/stars/quay/clair?style=flat-square) - Vulnerability Static Analysis for Containers (Container Security Scanners)
awesome-devsecops - Clair - _Red Hat_ - Scan App Container and Docker containers for publicly disclosed vulnerabilities. (Tools / Infrastructure as Code Analysis)

README

        # Clair

[![Docker Repository on Quay](https://quay.io/repository/projectquay/clair/status "Docker Repository on Quay")](https://quay.io/repository/projectquay/clair)

[![PkgGoDev](https://pkg.go.dev/badge/github.com/quay/clair/v4 "Go Documentation")](https://pkg.go.dev/github.com/quay/clair/v4)

[![IRC Channel](https://img.shields.io/badge/freenode-%23clair-blue.svg "IRC Channel")](http://webchat.freenode.net/?channels=clair)

**Note**: The `main` branch may be in an *unstable or even broken state* during development.

Please use [releases] instead of the `main` branch in order to get stable binaries.

![Clair Logo](https://cloud.githubusercontent.com/assets/343539/21630811/c5081e5c-d202-11e6-92eb-919d5999c77a.png)

Clair is an open source project for the [static analysis] of vulnerabilities in

application containers (currently including [OCI] and [docker]).

Clients use the Clair API to index their container images and can then match it against known vulnerabilities.

Our goal is to enable a more transparent view of the security of container-based infrastructure.

Thus, the project was named `Clair` after the French term which translates to *clear*, *bright*, *transparent*.

[The book] contains all the documentation on Clair's architecture and operation.

[OCI]: https://github.com/opencontainers/image-spec/blob/master/spec.md

[docker]: https://github.com/docker/docker/blob/master/image/spec/v1.2.md

[releases]: https://github.com/quay/clair/releases

[static analysis]: https://en.wikipedia.org/wiki/Static_program_analysis

[The book]: https://quay.github.io/clair/

## Community

- Mailing List: [[email protected]](https://groups.google.com/forum/#!forum/clair-dev)

- IRC: #[clair](irc://irc.freenode.org:6667/#clair) on freenode.org

- Bugs: [issues](https://github.com/quay/clair/issues)

## Contributing

See [CONTRIBUTING](.github/CONTRIBUTING.md) for details on submitting patches and the contribution workflow.

## License

Clair is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.