Demo of Docker image scanning with Clair
Latest commit ddcb5f6 Apr 27, 2017


Docker image scanning demo with Clair


  • CentOS 7 with Development Tools installed (yum group install "Development Tools")
  • Docker engine
  • Docker compose
  • Golang 1.8


Move into the project directory and run docker-compose
cd clair-demo
docker-compose up -d

Execute an image scan

docker run --rm -it --net clairdemo_net_clair -v /tmp:/tmp -v /var/run/docker.sock:/var/run/docker.sock --name analyser amouat/clair-analyse -endpoint http://clair:6060 -my-address analyser busybox

Install Clair

Create docker network
docker network create clair

Deploy a Postgres instance
docker run -d -e POSTGRES_PASSWORD="" -p 5432:5432 --network clair --name postgres postgres:9.6

Download the default config file for Clair
curl -L -o $HOME/clair_config/config.yaml

Update the config file line 23 by changing the postgres host from localhost to postgres
vi $HOME/clair_config/config.yaml

Deploy an instance of Clair
docker run -d -p 6060-6061:6060-6061 -v /tmp:/tmp -v $HOME/clair_config:/config --network clair -config=/config/config.yaml

Deploy a private repo
docker run -d -p 5000:5000 --restart=always --name registry registry:2

Install clairctl

clairctl is a convenient CLI client to interact with the Clair API.

Install Glide
curl | sh glide install -v go build

Build clairctl
export GOPATH=/usr/local/go/src/
git clone $GOPATH/src/
cd $GOPATH/src/
go build

Copy the clairctl executable into the bin directory
cp -v $GOPATH/src/ /usr/local/bin

Generate an image scanning report with clairctl

Pull the official nginx Docker image from Docker Hub to Clair
clairctl pull nginx
Analyze the nginx Docker image
clairctl analyze nginx
Generate the report
clairctl report nginx
The HTML report is available here

Integrate the image scanning into Jenkins pipelines with klar

Install klar
curl -L -o /usr/local/bin/klar
chmod +x /usr/local/bin/klar
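
A pipeline gate of the kind this section sets up, as an added example (not code from this repository or from klar): it parses a Clair layer report and decides whether the build may pass. The JSON shape and severity labels are assumed from Clair's v1 API; the sample report, the package names and the CVE-EXAMPLE identifiers are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Severity ranks, lowest to highest (labels assumed from Clair's v1 API).
var rank = map[string]int{"Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5, "Defcon1": 6}

// Constructed sample of a v1 layer response; every identifier is a placeholder.
const sample = `{"Layer":{"Features":[{"Name":"pkg-a","Version":"1.0","Vulnerabilities":[
 {"Name":"CVE-EXAMPLE-0001","Severity":"High"},{"Name":"CVE-EXAMPLE-0002","Severity":"Low"}]},
 {"Name":"pkg-b","Version":"2.0","Vulnerabilities":[{"Name":"CVE-EXAMPLE-0003","Severity":"Bogus"}]}]}}`

type feature struct {
	Name, Version   string
	Vulnerabilities []struct{ Name, Severity string }
}

// Gate lists findings at or above floor and passes only if their count is <= threshold.
// Malformed JSON, a body without "Layer" or an unknown floor is an error (fail closed).
func Gate(body []byte, floor string, threshold int) ([]string, bool, error) {
	var env struct{ Layer *struct{ Features []feature } }
	if err := json.Unmarshal(body, &env); err != nil {
		return nil, false, err
	}
	lo, ok := rank[floor]
	if env.Layer == nil || !ok {
		return nil, false, fmt.Errorf("no Layer in response or unknown severity %q", floor)
	}
	var hits []string
	for _, f := range env.Layer.Features {
		for _, v := range f.Vulnerabilities {
			// A label missing from rank counts as a hit rather than being skipped.
			if r, known := rank[v.Severity]; !known || r >= lo {
				hits = append(hits, f.Name+" "+f.Version+": "+v.Name+" ("+v.Severity+")")
			}
		}
	}
	return hits, len(hits) <= threshold, nil
}

func main() {
	if hits, pass, err := Gate([]byte(sample), "High", 0); err != nil || !pass {
		fmt.Println(hits, err)
		os.Exit(1) // non-zero exit fails the pipeline stage
	}
}
```

Run against the constructed sample with a floor of High and a threshold of 0, the gate reports two findings (the High one and the unclassifiable one) and exits non-zero.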


HTTPS registries are not part of this demo.
