What is Clair?
Clair is a popular open-source security tool that parses container image contents and reports vulnerabilities affecting those contents. It does this through static analysis, not at runtime.
|Security Stage||SCA (Source Composition Analysis)|
|1||You'll need a Git address to scan|
How do I set it up?
Adding Clair to your set of security tests is simple. You will add this testing tool to a version (security stage) that is set up to run static code analysis tests.
Clair supports two types of configuration for scanning Docker images for vulnerabilities.
The second way is to scan an existing image from a private repository, such as Nexus or JFrog.
Now that the Uleska system is configured to pick up your container Dockerfile or access the image from your repository, you can configure the testing toolkit to include Clair.
Now, any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Clair tool will be included in the test run to test your container, and any results will be added to your vulnerabilities list.