clair-cicd
Making CoreOS' Clair easily work in CI/CD pipelines
Struggling to get Clair to work effectively. Other docker image vulnerability assessment tools exist.

* [Trivy](https://github.com/aquasecurity/trivy)
* [Snyk](https://snyk.io/product/container-vulnerability-management/) (via [`docker scan`](https://docs.docker.com/engine/scan/))

Given the above let's morph `clair-cicd` to have non-clair...
When specifying the whitelist for `assess-image-risk.sh` with the `--whitelist` command line argument, it should support the `https://` scheme in addition to the existing `json://` and `file://` schemes. Why is this important? Ideally whitelists...
To use `clair-cicd` in a CircleCI pipeline the following step is typically authored:

```yaml
- run:
    name: Run docker image vulnerability risk assessment
    command: |
      curl \
        -s \
        -L...
```
Starting to see severities of 'Unknown'. How should this be handled?

```
2020-11-27 12:13:59 ERROR io:126 Could not read vulnerabilities from '/tmp/tmp.kFFNaM/ff72598b05f57e6f83d56b858ba9783796e99aea2dcef391b3fa688c1e077ae5.json' - 'Unknown' is not one of ['negligible', 'Negligible',...
```
After the database has been built, use [pg_repack](https://reorg.github.io/pg_repack/) to remove bloat from tables and indexes.
How do we sync clair-cicd releases with clair releases? Perhaps something like: if I'm using clair-cicd release v1.2.2 then I should be using clair release v1.2.2.
The clair-cicd postgres DB is large. Smaller would be better. Can the size of the image be reduced through the use of postgres vacuuming?

References:

- [Routine Vacuuming](https://www.postgresql.org/docs/9.5/static/routine-vacuuming.html)
- [Vacuum...