klar
klar copied to clipboard
optiopay
Integration of Clair and Docker Registry
Hello, I'm writing this, following the discussion in #1 I'm testing clair and klar since a few days, and I managed to make it work with a private registry (using...
The image `debian:stretch-slim` from Docker Hub, as of now, has a vulnerable glibc version: ``` $ docker images$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE debian stretch-slim 9a4a82cec2d2 12...
docker run -e CLAIR_ADDR="http://localhost:6060" -e CLAIR_OUTPUT=Unknown -e CLAIR_THRESHOLD=10 klar centos:7 clair timeout 1m0s docker timeout: 1m0s no whitelist file Analysing 1 layers Failed to analyze using API v1: push image...
Hi, thx for klar! Nice alternative to the sometimes buggy clair-cli. Is there any chance for a junit-compatible output format? This could be parsed by many ci-systems for better output?...
Hi, I am using (trying to at least) Klar/Clair in Jenkins X (in AWS EKS). I made a Klar image with DinD and the [ECR helper tool](https://github.com/awslabs/amazon-ecr-credential-helper). With this image...
@hashmap I just installed the latest version of klar - 2.3.0 (as at the time of writing) by the go get github.com/optiopay/klar command. This is the result I get $...
Can we introduce a way (probably env var at this point) to disable the `CLAIR_THRESHOLD`? In my case I mainly use klar for fetching of all vulnerabilities that are found...
At the moment `klar` just tells us how many CVEs have been whitelisted. It would be useful to have an option to also say which CVEs were whitelisted. Ideally build...
With latest klar source code: go get github.com/optiopay/klar fails with error: #github.com/optiopay/klar/vendor/github.com/coreos/clair/api/v3/clairpb goworkspace/src/github.com/optiopay/klar/vendor/github.com/coreos/clair/api/v3/clairpb/convert.go:131:67: cannot use layer (type database.AncestryLayer) as type database.Layer in argument to LayerFromDatabaseModel
Should we look at using something like https://github.com/spf13/viper One of the issues I keep having is trying to remember the environment vars that klar supports ;) Something like viper would...