clair/cmd/clairctl/README.md

3.0 KiB

hyperclair

Build Status Join the chat at https://gitter.im/wemanity-belgium/hyperclair

Tracking container vulnerabilities, that's should be Hyperclair

Tracking vulnerabilities in your container images, it's easy with CoreOS Clair. Integrate it inside your CI/CD pipeline is easier with Hyperclair.

Hyperclair is a lightweight command-line tool doing the bridge between Registries as Docker Hub, Docker Registry or Quay.io, and the CoreOS vulnerability tracker, Clair. It's easily integrated in your CI/CD pipeline and Hyperclair will play as reverse proxy for authentication.

The Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license.

From https://docs.docker.com/registry/

Clair is a container vulnerability analysis service. It provides a list of vulnerabilities that threaten a container, and can notify users when new vulnerabilities that affect existing containers become known.

From https://github.com/coreos/clair

hyperclair is tool to make the link between the Docker Registry and the CoreOS Clair tool.

hyperclair

Usage

asciicast

Notification

  1. On-Demand: the CLI tool is used to pull image from Registry then push it to Clair

Reporting

hyperclair get vulnerabilities report from Clair and generate HTML report

hyperclair can be used for Docker Hub and self-hosted Registry

Command

Analyse your docker image with Clair, directly from your registry.

Usage:
  hyperclair [command]

Available Commands:
  analyse     Analyse Docker image
  health      Get Health of Hyperclair and underlying services
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  pull        Pull Docker image information
  push        Push Docker image to Clair
  report      Generate Docker Image vulnerabilities report
  version     Get Versions of Hyperclair and underlying services

Flags:
      --config string      config file (default is ./.hyperclair.yml)
      --log-level string   log level [Panic,Fatal,Error,Warn,Info,Debug]

Use "hyperclair [command] --help" for more information about a command.

Optional Configuration

clair:
  port: 6060
  healthPort: 6061
  uri: http://clair
  priority: Low
  report:
    path: ./reports
    format: html

Remarks

  1. Analyzing Official Docker image is disallowed. You cannot pull layers from image you don't own.

Contribution and Test

Go to /contrib folder