Published on April 4th, 2016 | by NJ Ouchn


Clair – Image Containers Security Analyzer by CoreOS

Clair is an open source project for the static analysis of vulnerabilities in appc and Docker containers.


Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten a container. When vulnerability data changes upstream, the previous state and new state of the vulnerability along with the images they affect can be sent via webhook to a configured endpoint. All major components can be customized programmatically at compile-time without forking the project.

Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear, bright, transparent.

Clair 1.0 introduces new details for each detected vulnerability including:

  • Name and version of the source package of the vulnerability, called a Feature in Clair.
  • The feature version(s) that fix the vulnerability, if they exist.
  • Metadata such as the Common Vulnerability Scoring System (CVSS). When available, CVSS metadata provides the fundamental characteristics of the vulnerability such as means of access, whether authentication is required, and the impacts to confidentiality, integrity, or availability.
  • The specific layer in the image that introduces the vulnerability, flagged to make applying patches even easier.
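The correlation step and the per-vulnerability details listed above can be modeled in a few lines. The sketch below is an added example, not Clair's code or its API: the class and field names, the sample packages, layers and advisory IDs are all hypothetical, and version comparison is simplified to dotted numeric versions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Feature:  # a package found in the image (what Clair calls a Feature)
    name: str
    version: str
    added_by: str  # layer that introduced the package (hypothetical field name)

@dataclass(frozen=True)
class Vulnerability:
    name: str
    feature: str
    severity: str
    fixed_by: Optional[str]  # None when no fixed version exists

def version_lt(a, b):
    # Assumption: plain dotted numeric versions. Real distributions need
    # dpkg/rpm comparison rules (epochs, revisions), not implemented here.
    pa, pb = ([int(p) for p in v.split(".")] for v in (a, b))
    width = max(len(pa), len(pb))
    return pa + [0] * (width - len(pa)) < pb + [0] * (width - len(pb))

def correlate(features, vulns):
    """Pair each vulnerability with every installed feature it affects."""
    findings = []
    for f in features:
        for v in vulns:
            # Affected if no fix exists or the installed version predates the fix.
            if v.feature == f.name and (v.fixed_by is None or version_lt(f.version, v.fixed_by)):
                findings.append((v, f))
    return findings

def by_layer(findings):
    """Group vulnerability names under the layer that introduced the feature."""
    grouped = {}
    for v, f in findings:
        grouped.setdefault(f.added_by, []).append(v.name)
    return grouped

# Constructed sample data: layer, package and advisory names are placeholders.
FEATURES = [Feature("openssl", "1.0.1", "layer-base"),
            Feature("zlib", "1.2.8", "layer-base"),
            Feature("libfoo", "2.4.0", "layer-app")]
VULNS = [Vulnerability("EXAMPLE-0001", "openssl", "High", "1.0.2"),
         Vulnerability("EXAMPLE-0002", "libfoo", "Medium", None),
         Vulnerability("EXAMPLE-0003", "zlib", "Low", "1.2.8")]

if __name__ == "__main__":
    for layer, names in by_layer(correlate(FEATURES, VULNS)).items():
        print(layer, names)
```

Grouping by introducing layer shows which layer to rebuild: here the base layer carries the fixable finding, while the application layer carries one with no fixed version yet.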

Full article about Clair v1.0
