Features

Clair was designed to perform static analysis on container images in order to identify vulnerabilities. It is based on a modular architecture purpose-built for extension. Currently, Clair can identify vulnerabilities across the following operating systems and languages.

Linux Packages

Clair uses each operating system’s official vulnerability database. It automatically tries to detect the base operating system used in each container it reads.

  • Red Hat Enterprise Linux
  • Alpine Linux
  • Debian Linux
  • Ubuntu Linux
  • Oracle Linux
  • Photon OS

Programming Languages

Clair relies on the Open Source Vulnerability (OSV) database for language-centric vulnerabilities. It looks for language-specific package managers in each container it reads.

  • Python
  • Java
  • Golang (both packages and binaries)
  • JavaScript (npm)
  • Ruby (coming soon)