clair-scanner icon indicating copy to clipboard operation
clair-scanner copied to clipboard

Published 20 hours ago verified publisher icon arminc

Docker Image for clair-scanner ?

Open victornoel opened this issue 6 years ago • 5 comments

Any way to get an image for clair-scanner? So that it can be used it in a CI/CD situation without having to download it.

victornoel avatar Dec 13 '18 09:12 victornoel

I'm currently testing a docker image with clair-scanner for pipeline use. I added it to the arminc/clair-local-scan image. This will allow the image to run the Clair server, while the CI/CD script (running on the container) to run the client scanner.

Almost fully standalone, except the database. However the arminc/clair-db image helps solve that issue.

If @arminc is interested I can add the Dockerfile to this project, so it will get updated with each release.

jeff-cook avatar Dec 29 '18 03:12 jeff-cook

Here is an example of what that might look like. I have been testing with it and it is working so far. The versions should become variables, so it can be easily updated.

FROM arminc/clair-local-scan:v2.0.6

RUN apk add -U wget ca-certificates && \
  wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -O clair-scanner  && \
  chmod +x clair-scanner

jeff-cook avatar Jan 03 '19 17:01 jeff-cook

+1 there should be a maintained image that contains clair-scanner_linux_amd64 preinstalled

madnight avatar Feb 13 '19 15:02 madnight

@victornoel @jeff-cook @madnight You could use https://github.com/usr42/clair-container-scan

usr42 avatar Mar 08 '19 14:03 usr42

@usr42 if we could avoid multiplying the providers of images for something related to security, it would be better: already relying on @arminc image on top of the official clair binaries is one step towards taking security risks, adding one more intermediary is not desirable :)

victornoel avatar Mar 08 '19 15:03 victornoel