From f36aa12024ad430843110ca2a23140664f6c621d Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Tue, 11 Apr 2017 14:57:11 -0400 Subject: [PATCH] README: clean up after README refactor --- README.md | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 452c4c1a..4b434cae 100644 --- a/README.md +++ b/README.md @@ -14,16 +14,15 @@ Please use [releases] instead of the `master` branch in order to get stable bina Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including [appc] and [docker]). 1. In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database. -2. Clients use the Clair API to index their container images; this parses a list of installed _source packages_ stores them in the database. -3. Clients use the Clair API to query the database; combining this data is done in real time, rather than a cached result that needs re-scanning. -4. When updates to vulnerability metadata occur, a webhook can be configured to page or block deployments. +2. Clients use the Clair API to index their container images; this parses a list of installed _source packages_ and stores them in the database. +3. Clients use the Clair API to query the database; correlating data is done in real time, rather than a cached result that needs re-scanning. +4. When updates to vulnerability metadata occur, a webhook containg the affected images can be configured to page or block deployments. Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named `Clair` after the French term which translates to *clear*, *bright*, *transparent*. [appc]: https://github.com/appc/spec [docker]: https://github.com/docker/docker/blob/master/image/spec/v1.2.md -[extended programmatically]: #customization [releases]: https://github.com/coreos/clair/releases ## When would I use Clair? @@ -33,28 +32,28 @@ Thus, the project was named `Clair` after the French term which translates to *c ## Documentation -The latest stable documentation can be found [on the CoreOS website]. -Documentation for the current branch can be found [inside the Documentation directory][docs-dir] at the root of the project's source code. +* [The CoreOS website] has a rendered version of the latest stable documentation +* [Inside the Documentation directory] is the source markdown files for documentation -[on the CoreOS website]: https://coreos.com/clair/docs/latest/ -[docs-dir]: /Documentation +[The CoreOS website]: https://coreos.com/clair/docs/latest/ +[Inside the Documentation directory]: /Documentation -## How do I deploy Clair? +## Deploying Clair ### Container Repositories Clair is officially packaged and released as a container. -* Stable releases can be found at [quay.io/coreos/clair] -* Stable releases with an embedded instance of [jwtproxy] can be found at [quay.io/coreos/clair-jwt] -* Development releases can be found at [quay.io/coreos/clair-git] +* [quay.io/coreos/clair] - Stable releases +* [quay.io/coreos/clair-jwt] - Stable releases with an embedded instance of [jwtproxy] +* [quay.io/coreos/clair-git] - Development releases [quay.io/coreos/clair]: https://quay.io/repository/coreos/clair [jwtproxy]: https://github.com/coreos/jwtproxy [quay.io/coreos/clair-jwt]: https://quay.io/repository/coreos/clair-jwt [quay.io/coreos/clair-git]: https://quay.io/repository/coreos/clair-git -### Production Supported +### Commercially Supported Clair is professionally supported as a data source for the [Quay] Security Scanning feature. The setup documentation for using Clair for this environment can be found on the [Quay documentation] on the [CoreOS] website. @@ -66,9 +65,19 @@ Be sure to adjust the version of the documentation to the version of Quay being ### Community Supported -The following are community supported instructions to run Clair in a variety of ways. **NOTE:** These instructions demonstrate running HEAD and not stable versions. +The following are community supported instructions to run Clair in a variety of ways. +A database instance is required for all instructions. + +Clair currently supports and tests against: + +* [Postgres] 9.4 +* [Postgres] 9.5 +* [Postgres] 9.6 + +[Postgres]: https://www.postgresql.org + #### Kubernetes If you don't have a local Kubernetes cluster already, check out [minikube]. @@ -107,7 +116,7 @@ $ docker run -d -p 6060-6061:6060-6061 -v $PWD/clair_config:/config quay.io/core #### Source To build Clair, you need to latest stable version of [Go] and a working [Go environment]. -In addition, Clair requires some additional binaries be installed on the system [$PATH]: +In addition, Clair requires some additional binaries be installed on the system [$PATH] as runtime dependencies: * [git] * [bzr] @@ -198,7 +207,7 @@ It can take several minutes before the database has been fully populated, but on ### How can I customize Clair? The major components of Clair are all programmatically extensible in the same way Go's standard [database/sql] package is extensible. -Everything extendable is located in the `ext` directory. +Everything extensible is located in the `ext` directory. Custom behavior can be accomplished by creating a package that contains a type that implements an interface declared in Clair and registering that interface in [init()]. To expose the new behavior, unqualified imports to the package must be added in your own custom [main.go], which should then start Clair using `Boot(*config.Config)`.