Clair

What is Clair?

Clair is a popular open source security tool that parses container image contents and reports the vulnerabilities affecting them. It does this through static analysis of the image, not at runtime.

Tool type: SCA (Software Composition Analysis)
License: Open Source
Frameworks: Containers
Site: https://quay.github.io/clair/

Pre-requisites

  1. You'll need a container image to scan.
  2. You'll need to set up a Clair connection (your own or the Uleska Cloud version).

How do I set it up?

The Uleska Clair tool makes use of the Container Configuration applied to a Version, so make sure that's set for the Version you're looking to test.

There are two options when it comes to using the Clair security scanner:

  1. You can use the Uleska Cloud in-built Clair instance to check a container.  You will find this at http://uleska-clair:6060 (this is only accessible from the Uleska Cloud platform).
  2. If you wish to use your own instance of Clair, you will need to install Clair on a server you control and obtain the host/IP from it. Then create a new Generic API Connection, and select it when configuring the Clair tool. See the Clair deployment instructions on GitHub.

Creating a connection configuration in the Uleska Platform to Clair

You can tell the Uleska Platform which Clair instance to use by creating a Connection configuration.

  • In the Uleska Platform, click on the Configuration menu and select the 'Connections' tab
  • Click on 'Add Connection'
  • From the drop down list, select 'Generic Api Connection'
  • Add the URL of your Clair instance
    • If you wish to use the Uleska Cloud instance, enter http://uleska-clair:6060
    • If you wish to use your own instance, enter the URL and port of your instance.
  • No further details are required.
  • Click 'Save'

Adding Clair into a Toolkit

You will need to create a Custom Toolkit to make use of the Clair tool. On the Tools list, find Clair and click Add.

Click the cog icon to open the configuration modal, and select the Connection you created previously.

Click Save on the configuration modal, and click Save again to save the Custom Toolkit.

Next steps: