Your Containers. No Surprises.

Clair continuously scans your container images for vulnerabilities and security problems. Free and Open Source.


Why Clair?

Peer inside your container images

Designed For Containers

Clair was designed from the ground up to analyze container image contents, checking for vulnerable packages and libraries. It follows the design principle of 'do one thing, do it well'.

Built For Scale

Clair monitors some of the largest container image registries on the internet. It also works great in smaller environments like your laptop or CI pipeline.

Continuous Operation

Clair works quietly behind the scenes, watching for newly published vulnerabilities so you can always get the most up-to-date view of your security stance.

A Modern Static Analyzer

Built for container-based applications running in the cloud

Continuous Static Analysis

Clair provides continuous static analysis for container images to detect vulnerabilities that threaten a runtime using that image. Clair works in conjunction with container registries to detect and identify vulnerabilities within the base operating system, installed packages and even programming languages. Clair keeps its database of vulnerabilities continuously updated as new vulnerabilities are published, and images can be quickly re-analyzed for vulnerabilities without having to re-read the entire image contents.

Provides Visibility Into Containers

Our project name (‘Clair’) is the French word for ‘clear, bright, transparent’. Clair exists to make opaque container contents visible and easily understood. That visibility is critical for a secure software supply chain and the confidence that your applications are built on a secure foundation.

Broad Container Content Support

Inspects many popular Linux distributions (RHEL, Alpine, Ubuntu, Debian, Oracle, Photon, SUSE). Handles many popular programming languages (Java, Python, Golang, JavaScript). Works with container images built using either OCI Distribution or Docker v2 specifications. Clair is regularly tested at scale on every image stored in quay.io.

Flexible Architecture

Modular architecture that supports various methods of deployment (micro-services, monolithic, CI pipeline, disconnected). Extensible codebase that encourages extension for new operating systems and package and language types.

100% Open Source

Clair uses the Apache 2.0 license. This lets the community freely contribute and improve Clair while making sure it is useful in a wide variety of situations.
