A Brief Introduction To Containers Continuous Vulnerability Scanning

Posted By : Tarun Singhal | 30-May-2018

Continuous vulnerability scanning

This blog post aims to bring you one step closer to container security.

One open-source project that has emerged in this space is Clair. The Clair GitHub page describes it as an open source project for the static analysis of vulnerabilities in application containers, including Docker containers.
Clair checks your container images against Common Vulnerabilities and Exposures (CVE) entries. It can be
integrated into your CI/CD pipeline and run in response to new builds. If vulnerabilities
are found, the results can be fed back into the pipeline to fail the build and stop
deployment. This forces developers to be aware of and remediate vulnerabilities during their
normal release process.
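The build-failing feedback described above is a policy decision the pipeline has to make over the scanner's findings: which severities block, and whether vulnerabilities with no available fix should block too. The following is an added example (not code from the original post and not Clair's own tooling) of such a CI gate written in Python. The report layout is constructed for this example and only loosely modelled on the per-layer feature/vulnerability listing a Clair v1 API query returns (`Layer` -> `Features` -> `Vulnerabilities`); the CVE identifiers and layer digest are placeholders, and the field names should be checked against the Clair version you actually run.

```python
"""CI gate over a container vulnerability report.

Added example, not part of the original post and not Clair's own code.
The report shape is constructed for this example and loosely modelled on
a Clair v1 layer response (Layer -> Features -> Vulnerabilities); verify
the field names against the Clair version you run.
"""
import json
import sys

# Severity ladder used to compare findings against the pipeline threshold.
# Names follow the severity strings Clair reports; order is ascending.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]


def severity_rank(name):
    """Rank a severity string; unrecognised values sort lowest, never highest."""
    try:
        return SEVERITY_ORDER.index(name)
    except ValueError:
        return 0


def collect_findings(report):
    """Flatten the nested layer report into one dict per (package, CVE) pair."""
    findings = []
    for feature in report.get("Layer", {}).get("Features", []):
        for vuln in feature.get("Vulnerabilities", []):
            findings.append({
                "package": feature.get("Name"),
                "version": feature.get("Version"),
                "cve": vuln.get("Name"),
                "severity": vuln.get("Severity", "Unknown"),
                "fixed_by": vuln.get("FixedBy", ""),
            })
    return findings


def gate(report, fail_on="High", ignore_unfixed=False):
    """Apply the pipeline policy.

    Returns (passed, blocking): passed is True when no finding is at or above
    the fail_on severity; blocking lists the findings that caused a failure.
    With ignore_unfixed=True, findings that have no fixed version are reported
    but do not fail the build (a common compromise while waiting on upstream).
    """
    threshold = severity_rank(fail_on)
    blocking = []
    for finding in collect_findings(report):
        if severity_rank(finding["severity"]) < threshold:
            continue
        if ignore_unfixed and not finding["fixed_by"]:
            continue
        blocking.append(finding)
    return (len(blocking) == 0), blocking


# Constructed sample report: digest and CVE identifiers are placeholders, not real entries.
SAMPLE_REPORT = {
    "Layer": {
        "Name": "sha256:0000constructedlayerdigest",
        "Features": [
            {"Name": "openssl", "Version": "1.0.0-1",
             "Vulnerabilities": [
                 {"Name": "CVE-0000-0001", "Severity": "High", "FixedBy": "1.0.0-2"}]},
            {"Name": "bash", "Version": "4.4-1",
             "Vulnerabilities": [
                 {"Name": "CVE-0000-0002", "Severity": "Medium", "FixedBy": "4.4-2"}]},
            {"Name": "zlib", "Version": "1.2.8-1",
             "Vulnerabilities": [
                 {"Name": "CVE-0000-0003", "Severity": "Critical", "FixedBy": ""}]},
        ],
    }
}


def main(argv):
    """Read a report file if given (else the constructed sample) and exit non-zero on failure."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    passed, blocking = gate(report, fail_on="High", ignore_unfixed=False)
    for finding in blocking:
        fix = finding["fixed_by"] or "no fix available"
        print(f"{finding['severity']:<9} {finding['cve']} in "
              f"{finding['package']} {finding['version']} (fix: {fix})")
    print("PASS" if passed else "FAIL: findings at or above threshold; failing the build")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python gate.py report.json` from a CI job; a non-zero exit code is what most CI systems treat as a failed stage. Unrecognised severity strings deliberately rank lowest so that a scanner format change produces visible noise in the output rather than silently blocking every build.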
Clair can be integrated with a number of container image repositories and CI/CD pipelines.
Clair is also used as the scanning mechanism in CoreOS’s Quay image repository. Quay
offers a number of enterprise features including continuous vulnerability scanning:

https://quay.io/
Both Docker Hub and Docker Cloud support security scanning. Again, containers that are
pushed to the repository are automatically scanned against CVEs and notifications of
vulnerabilities are sent as a result of any findings. Additionally, binary analysis of the code
is performed to match the signature of the components with that of known versions.
A variety of other tools can scan your image repositories as well, including OpenSCAP, Twistlock and AquaSec.

Clair is a great tool whose main aim is to provide more transparency into the security of container-based infrastructure. It is named after the French word clair, which translates to clear, bright, transparent.

About Author

Tarun Singhal

Tarun is a RedHat Certified System Administrator. He is very keen to learn new technologies. He has good command over tools like Ansible, Gitlab-CI etc.
