Skip to main content

Pierre Ozoux

Test the security of your images in CoreOS with #clair

1 min read

You may have heard of the amazing clair project! I wanted to try it out to see if we were secured!

There is no README yet, but this project comes handy!

 doesn't have golang, but well, golang image has golang :)
docker run -it -v /opt/bin:/opt/bin golang go get -u github.com/coreos/clair/contrib/analyze-local-images && mv bin/analyze-local-images /opt/bin/
exit
mkdir /etc/clair
cd /etc/clair/
wget https://raw.githubusercontent.com/coreos/clair/master/config.example.yaml
docker run -it -v /tmp:/tmp -p 6060:6060 -p 6061:6061 -v /etc/clair:/config:ro quay.io/coreos/clair:latest --config=/config/config.example.yaml
 for: 2016-02-14 18:29:44.863164 I | updater: update finished

 an other shell and start to have fun:
docker images -q | xargs -L 1 analyze-local-images

This is pretty scary actually, we have to find better ways to pull more regularly our images.