Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.
– Source: dev.to
/
about 1 month ago
Clair: An open-source project for the static analysis of vulnerabilities in application containers.
– Source: dev.to
/
about 2 months ago
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there. https://github.com/quay/clair.
– Source: Hacker News
/
8 months ago
Clair. Vulnerability Static Analysis for Containers.
– Source: dev.to
/
8 months ago
Https://github.com/quay/clair
9.4k stars, updated 17 hours ago.
Source:
over 1 year ago
It scaled well compared to a naive graph abstraction implemented outside the database, but when performance wasn’t great, it REALLY wasn’t great. We ended up throwing it out in later versions to try and get more consistent performance. I’ve since worked on SpiceDB[1] which takes the traditional design approach for graph databases and simply treating Postgres as triple-store and that scales far better. IME, if you…
– Source: Hacker News
/
over 1 year ago
Open source: Trivy, Gryp and Clair are widely used open source tools for container scanning.
– Source: dev.to
/
almost 2 years ago
Testing the image with github.com/fullhunt/log4j-scan and https://github.com/quay/clair shows no vulnerabilities.
Source:
about 2 years ago
Amazon Elastic Container Registry is a fully-managed Docker container registry. It makes it easy for developers to store and manage Docker images inside their AWS environment.
ECR supports two types of image scanning. Enhanced image scanning requires an integration with Amazon Inspector. It will scan your repositories continuously. Basic image scanning will use the Common Vulnerabilities and Exposures (CVEs)…
– Source: dev.to
/
over 2 years ago
Klair: Scan your containersJust like external dependencies can contain security flaws, container images also can contain outdated programs and dependencies subject to security issues. Klair is an open-source tool that can help you find outdated dependencies and security flaws in your docker images.
Source:
over 2 years ago
AWS Elastic Container Registry has been able to support the scanning of images for vulnerabilities using the open source project Clair for quite some time now. Clair is an open source project used for the static analysis of vulnerabilities in application containers (currently including OCI and Docker). Made available by AWS directly and implemented into ECR, it is a very useful feature to minimize the risk of…
– Source: dev.to
/
over 2 years ago
I use Quay and quite like it. It’s a lot more flexible to deploy than Harbor. It has a web UI and connects to LDAP or OIDC. You can also add vulnerability scanning to it as well with Clair. The one downside is that it doesn’t support a pull-through cache system like Harbor does (to my knowledge), though you can explicitly mirror containers from another source.
Source:
over 2 years ago
Make sure you know what you are running on your platform. The Software Bill of Materials (SBoM) describes all the various software components on which your system is based. If you keep an active track of your SBoM with tools like OWASP dependencyTrack, it becomes easier to know whether software you are using is vulnerable. Additionally there are great open-source tools, like the OWASP Dependency Checker, Trivy,…
– Source: dev.to
/
almost 3 years ago
Enable container image scanning in your CI/CD phase to catch known vulnerabilities using tools like clair or Anchore.
– Source: dev.to
/
almost 3 years ago
Use Clair for vulnerability scanning.
– Source: dev.to
/
almost 3 years ago
All images should be checked in the application lifecycle by automated scanners (Trivy, Clair, Grype).
– Source: dev.to
/
almost 3 years ago
Clair is used for static analysis of your images. It supports images that are based on the Open Container Initiative (OCI). You can build your services for scanning images that can be based on Clair API. Clair uses CVE databases to detect vulnerabilities.
– Source: dev.to
/
about 3 years ago
