Integrate against Clair for Docker image scanning

[nishils]

This will take some work as Clair would need to be external to Salus. We would add support for pushing images to Clair and getting the results.

We can provide a way to configure against an existing Clair instance but would not want to make Clair a part of Salus.

I have used paclair before and seemed to work rather well for this sort of use case.

[jborrey]

This will be the first time that Salus has to deal with concurrency outside of its control. Would you have Salus wait until a Clair result is read (presumably the container was pushed to Clair ahead of time)?

Something that was never built, but was part of the original vision of Salus was to have a a SalusServer which would collect and display results for you - pretty similar to the dashboards run by Snyk, Hakiri and friends. Right now we get away without it if you dump all of the Salus reports into a logging pipeline which you can view.

The server would be useful for this sort of thing though but it's a lot of work. What if Clair just also dumped logs into the same pipeline with the same set of keys so that you can easily group them together?

[mattlorimor]

In order to meet the spirit of doing this, would integrating something like Aqua's Trivy scanner be more desirable? It's fairly easy to integrate it into SDLC/CI systems, so I imagine it would lend itself well to the way Salus runs things.