
Proposal - Container security scanning with Clair #14

@dtrudg

Clair is the CoreOS project for security static analysis of containers, scanning them for security issues (from databases of known CVEs). I'd like to propose adding support to sregistry for scanning containers using Clair.

Though Clair is centered around Docker or appc images, it has been used to scan OpenVZ templates, which are .tar archives - see FastVPSEestiOu/check_openvz_mirror_with_clair. I'm pretty sure something similar could be done for Singularity images.

This is something I'm planning to work on, and thought I'd add a ticket here in case it's of interest to others / there are any thoughts? I'm thinking I will be working to:

  • Create a standalone Python tool to scan a Singularity image via the Clair API
  • Investigate contributing this to singularity-python (if it's of interest there)
  • Integrate with sregistry - celery jobs for Clair scanning periodically / on push?

Would welcome any input on whether this is of interest for sregistry, or more generally.
