Locally Setup and Scan your Docker images via Clair

By Karthik Kumar D K on 24th Mar 2021, 2022-12-01T08:00:00+05:30

Docker images contain not only application code, but also an OS and additional utilities that make the application run as expected. Images can also be vulnerable, so it is better not to have any CVEs in an image. Running scans is one way to protect against CVEs. Container scanning tools scan the image for known vulnerabilities.

In this article, we use Clair to scan a Docker image for vulnerabilities. Clair is an open source container scanning tool from Quay.io - a Red Hat acquisition. Clair is one container scanning tool among many. Most of them perform static analysis of the Docker image.

How to Set Up?

You have to create an application that works as a scanner on your local machine. The steps below show how to set up the scanner.

Create a project directory named clair_local_poc, and within it create a docker-compose.yml file with the contents as shown below. File location: clair_local_poc/docker-compose.yml

Create a docker-utils/clair-config directory and place a config.yml file inside it. File location: clair_local_poc/docker-utils/clair-config/config.yml

Once you have created the above files in this folder structure, the setup step is complete and the scanner is ready to use. It will scan for CVE issues.
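A docker-compose.yml that fits this layout, as an added example that is not the article's own file. It assumes a Clair v2-style server backed by PostgreSQL, Clair's default ports 6060 (API) and 6061 (health), and image names passed in through the hypothetical CLAIR_IMAGE and POSTGRES_IMAGE environment variables:

```yaml
# clair_local_poc/docker-compose.yml (added example, not the article's file)
# Assumptions: Clair v2-style server with a PostgreSQL backend; image names
# come from environment variables (hypothetical names) so nothing is unpinned.
version: "2.1"

services:
  postgres:
    image: "${POSTGRES_IMAGE:?set POSTGRES_IMAGE}"
    restart: unless-stopped
    environment:
      POSTGRES_USER: clair
      POSTGRES_DB: clair
      # Fail fast instead of starting with a default or empty password.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}"
    volumes:
      - clair-db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U clair -d clair"]
      interval: 10s
      timeout: 5s
      retries: 10
    # No "ports:" entry: the database is reachable only on the compose network.

  clair:
    image: "${CLAIR_IMAGE:?set CLAIR_IMAGE}"
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      # config.yml from the second setup step, mounted read-only.
      - ./docker-utils/clair-config:/config:ro
    command: ["-config", "/config/config.yml"]
    ports:
      # Publish the API and health ports on loopback only, so the scanner
      # API is not exposed to the rest of the network.
      - "127.0.0.1:6060:6060"
      - "127.0.0.1:6061:6061"

volumes:
  clair-db:
```

The database connection string in config.yml has to name the `postgres` service as host and use the same user, password and database as above.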

Scan Local Docker Image

Below are the steps to run a scan of a local Docker image.

This way, you can scan the Docker images for any CVE issues.
