You can submit a container image to Clair and get a vulnerability report.

Before you begin

Clair should be running as a combined deployment or as a distributed deployment.

Submitting a manifest

You can submit a manifest for a container image to your running Clair deployment using clairctl, the CLI program for Clair.

Note

Wait at least 5-10 minutes before submitting a manifest via clairctl to allow time for Clair to gather the vulnerability data into the PostgreSQL database. If you don't wait until Clair is ready, clairctl will deliver a clean vulnerability report.

  1. Build the Clair CLI

You should be in the top-level Clair directory.

Generate the clairctl binary:

    go build ./cmd/clairctl

  1. Submit the manifest to Clair using the CLI:

You can use a container from another Learning Path, "Learn how to use Docker", as a test for Clair.

The last argument to clairctl is the name of the container.

To check armswdev/uname, run:

    ./clairctl --config "./local-dev/clair/config.yaml" -D report armswdev/uname

  1. Review the vulnerability report

For the image armswdev/uname, the output from the report is:

    uname found ncurses-base 6.3-2                        CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found ncurses-base 6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
    uname found bash         5.1-6ubuntu1                 CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - low.
    uname found coreutils    8.32-4.1ubuntu1              CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low.
    uname found gpgv         2.2.27-3ubuntu2.1            CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low.
    uname found libc-bin     2.35-0ubuntu3.1              CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libc6        2.35-0ubuntu3.1              CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libncurses6  6.3-2                        CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libncurses6  6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
    uname found libncursesw6 6.3-2                        CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libncursesw6 6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
    uname found libpcre3     2:8.39-13ubuntu0.22.04.1     CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libssl3      3.0.2-0ubuntu1.8             CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low.
    uname found libssl3      3.0.2-0ubuntu1.8             CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low.
    uname found libssl3      3.0.2-0ubuntu1.8             CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low.
    uname found libssl3      3.0.2-0ubuntu1.8             CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libtasn1-6   4.18.0-4build1               CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low.
    uname found libtinfo6    6.3-2                        CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found libtinfo6    6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
    uname found libzstd1     1.4.8+dfsg-3build1           CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low.
    uname found ncurses-bin  6.3-2                        CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible.
    uname found ncurses-bin  6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
    uname found tar          1.34+dfsg-1ubuntu0.1.22.04.1 CVE-2021-20193 on Ubuntu 22.04 LTS (jammy) - low.

You can submit other containers and see the vulnerability reports.
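
A report like this is easier to act on once it is reduced to a verdict. The following Python is an added example, not part of the Learning Path or of Clair: it parses report lines in the shape shown above, groups affected packages by CVE at or above a severity threshold, and returns "inconclusive" for an empty report, because the note above says that a Clair instance that is not ready delivers a clean one. The function names, the severity ordering and the default threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Line shape taken from the report shown on this page (assumed stable):
# <image> found <package> <version> <CVE> on <distro> - <severity>.
LINE = re.compile(
    r"^(?P<image>\S+) found (?P<package>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<cve>CVE-\d{4}-\d+) on (?P<distro>.+) - (?P<severity>\w+)\.$"
)
# Severity ordering is an assumption of this example.
RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def parse_report(text):
    """Return one dict per finding line; raise on lines that do not parse."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        findings.append(m.groupdict())
    return findings

def gate(text, threshold="medium"):
    """Return (verdict, {cve: sorted packages}) for findings at/above threshold."""
    findings = parse_report(text)
    if not findings:
        # No findings may only mean Clair has not finished loading its data.
        return "inconclusive", {}
    hits = defaultdict(set)
    for f in findings:
        # Unknown severity labels rank as critical so they never pass silently.
        if RANK.get(f["severity"].lower(), RANK["critical"]) >= RANK[threshold]:
            hits[f["cve"]].add(f["package"])
    verdict = "fail" if hits else "pass"
    return verdict, {cve: sorted(pkgs) for cve, pkgs in hits.items()}

# Four lines copied from the report above, used as sample input.
SAMPLE = """\
uname found ncurses-base 6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
uname found bash         5.1-6ubuntu1                 CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - low.
uname found libtinfo6    6.3-2                        CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium.
uname found libssl3      3.0.2-0ubuntu1.8             CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible.
"""

if __name__ == "__main__":
    print(gate(SAMPLE))
```

Feed the functions only the report lines; any other line raises `ValueError` rather than being skipped, so a format change cannot turn into a silent pass.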
