Scanning vulnerable Docker images

Installing Clair

  1. The first container runs your private Docker registry (localhost:5000 in the commands below), which holds the image under test.
  2. The second container runs Clair, the CoreOS image scanner, which does the actual layer analysis.
  3. The third container runs PostgreSQL, where Clair keeps the vulnerability data (CVEs) it matches layers against (this has to be updated manually as of now).
  • After pulling the image you wish to scan, tag it with any name you like and push it to your local private registry.
  • Use Clair (driven by klar) to scan the image's layers against the CVEs held in the PostgreSQL database.
  • Any vulnerability whose CVE matches a package in the image is reported and written to persistent volume storage.

Running Clair

# Pull the image under test, retag it and push it to the local private registry
docker pull nginx:latest
docker tag nginx localhost:5000/nginx-test
docker push localhost:5000/nginx-test
# Scan it with klar: report Low and above, exit 1 if more than 10 are found; REGISTRY_INSECURE=TRUE because the local registry speaks plain HTTP.
# Note that Clair itself runs in a container and fetches the layers from the registry, so it must be able to reach the registry address that klar hands it (localhost inside the Clair container is not the host).
CLAIR_ADDR=http://localhost:6060 CLAIR_OUTPUT=Low CLAIR_THRESHOLD=10 REGISTRY_INSECURE=TRUE klar localhost:5000/nginx-test
Setting up the environment
After running Clair on the latest Nginx image — at the time of this writing
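To make the klar invocation above less of a black box, here is an added example (not code from the article, Clair or klar) that does by hand what klar does against the Clair v2 API: submit each layer with POST /v1/layers, fetch the report with GET /v1/layers/<name>?features&vulnerabilities, and then apply the same CLAIR_OUTPUT severity floor and CLAIR_THRESHOLD exit-code gate. The Clair address, layer names and the sample report are constructed; the CVE identifiers in it are placeholders, not real advisories.

```python
"""Minimal Clair v2 client mirroring klar's flow: submit layers, fetch the
vulnerability report, gate on severity and count.  Added example; not the
article's, Clair's or klar's own code."""
import json
import urllib.request

# Clair v2 severity order, lowest to highest; CLAIR_OUTPUT picks a floor in this list.
SEVERITIES = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]


def submit_layer(clair_addr, layer_name, blob_url, parent_name=None, headers=None):
    """POST /v1/layers: tell Clair where to fetch one image layer blob.
    Clair downloads blob_url itself, so the URL must be reachable from the Clair container."""
    layer = {"Name": layer_name, "Path": blob_url, "Format": "Docker", "Headers": headers or {}}
    if parent_name:  # layers are chained so Clair can see the full filesystem
        layer["ParentName"] = parent_name
    req = urllib.request.Request(f"{clair_addr}/v1/layers",
                                 data=json.dumps({"Layer": layer}).encode(),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def fetch_report(clair_addr, layer_name):
    """GET the report for the top-most layer; it covers every parent layer too."""
    url = f"{clair_addr}/v1/layers/{layer_name}?features&vulnerabilities"
    with urllib.request.urlopen(url, timeout=60) as resp:
        return json.load(resp)


def collect_vulns(report, min_severity="Low"):
    """Flatten Clair's report into (cve, package, severity, fixed_by) tuples
    at or above min_severity, the way CLAIR_OUTPUT filters klar's output."""
    floor = SEVERITIES.index(min_severity)
    found = []
    for feat in report.get("Layer", {}).get("Features", []):
        for vuln in feat.get("Vulnerabilities", []):
            sev = vuln.get("Severity", "Unknown")
            rank = SEVERITIES.index(sev) if sev in SEVERITIES else 0
            if rank >= floor:
                found.append((vuln["Name"], f'{feat["Name"]} {feat["Version"]}',
                              sev, vuln.get("FixedBy", "")))
    return found


def gate(report, min_severity="Low", threshold=0):
    """Return (exit_code, vulns). Like CLAIR_THRESHOLD in klar: exit 1 when the
    number of findings at or above the floor exceeds threshold, else 0."""
    vulns = collect_vulns(report, min_severity)
    return (1 if len(vulns) > threshold else 0), vulns


# Constructed sample in the shape Clair v2 returns; layer digest and CVE ids are made up.
SAMPLE_REPORT = {"Layer": {"Name": "sha256:0000", "NamespaceName": "debian:11", "Features": [
    {"Name": "openssl", "Version": "1.1.1n-0+deb11u3",
     "Vulnerabilities": [{"Name": "CVE-0000-0001", "Severity": "High", "FixedBy": "1.1.1n-0+deb11u4"}]},
    {"Name": "libc6", "Version": "2.31-13",
     "Vulnerabilities": [{"Name": "CVE-0000-0002", "Severity": "Medium", "FixedBy": "2.31-13+deb11u5"}]},
    {"Name": "bash", "Version": "5.1-2",
     "Vulnerabilities": [{"Name": "CVE-0000-0003", "Severity": "Negligible"}]},
    {"Name": "zlib1g", "Version": "1:1.2.11.dfsg-2",
     "Vulnerabilities": [{"Name": "CVE-0000-0004", "Severity": "Critical", "FixedBy": "1:1.2.11.dfsg-2+deb11u1"}]},
]}}


if __name__ == "__main__":
    # Offline run over the constructed report with the article's settings (Low floor, threshold 10).
    code, vulns = gate(SAMPLE_REPORT, "Low", 10)
    for cve, pkg, sev, fix in vulns:
        print(f"{sev:10} {cve:15} {pkg}  fixed in: {fix or '-'}")
    print("exit code:", code)
```

With the article's CLAIR_OUTPUT=Low and CLAIR_THRESHOLD=10 the sample yields three findings (the Negligible one is filtered out) and exit 0; raising the floor to High with threshold 0 still finds two and returns exit 1, which is the setting you want in a CI job that should fail the build.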




Mihir Shah

I make things, I break things and I make things that break things