# Copyright 2015 clair authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # The values specified here are the default values that Clair uses if no configuration file is specified or if the keys are not defined. clair: database: # Database driver type: pgsql options: # PostgreSQL Connection string # https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING source: host=localhost port=5432 user=postgres sslmode=disable statement_timeout=60000 # Number of elements kept in the cache # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. cachesize: 16384 api: # API server port port: 6060 # Health server port # This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server. healthport: 6061 # Deadline before an API request will respond with a 503 timeout: 900s # 32-bit URL-safe base64 key used to encrypt pagination tokens # If one is not provided, it will be generated. # Multiple clair instances in the same cluster need the same value. paginationkey: # Optional PKI configuration # If you want to easily generate client certificates and CAs, try the following projects: # https://github.com/coreos/etcd-ca # https://github.com/cloudflare/cfssl servername: cafile: keyfile: certfile: updater: # Frequency the database will be updated with vulnerabilities from the default data sources # The value 0 disables the updater entirely. interval: 2h fetcher: # You can enable or disable individual fetchers in this section. This is useful for reducing # overall update times by disabling the distributions you will never scan # The default if a distribution is unspecified/unconfigured is true/enabled. alpine: enabled: true debian: enabled: true oracle: enabled: true rhel: enabled: true ubuntu: enabled: true notifier: # Number of attempts before the notification is marked as failed to be sent attempts: 3 # Duration before a failed notification is retried renotifyinterval: 2h http: # Optional endpoint that will receive notifications via POST requests endpoint: # Optional PKI configuration # If you want to easily generate client certificates and CAs, try the following projects: # https://github.com/cloudflare/cfssl # https://github.com/coreos/etcd-ca servername: cafile: keyfile: certfile: # Optional HTTP Proxy: must be a valid URL (including the scheme). proxy: