Clair Application Analysis
NEW IN RELEASE 77
The Clair coordinate-based matching feature provides the ability to scan and evaluate Clair-identified container dependencies.
For details on how to use Clair, refer to the Clair documentation.
What is Supported
Files named clair-scanner-output.json created by the Clair scanner client (https://github.com/arminc/clair-scanner).
Steps to analyze using the Nexus IQ CLI
Create the clair-scanner-output.json file by running the Clair scanner
For detailed instructions on the Clair scanner, refer to the Clair scanner documentation.
clair-scanner --ip 10.0.1.144 -r clair-scanner-output.json vulnerables/web-dvwa
Example file content
Run a scan
Invoke a Nexus IQ CLI scan of the directory containing clair-scanner-output.json. Instructions on how to do this can be found in the Nexus IQ CLI documentation.
The output from the Nexus IQ CLI
Nexus Lifecycle Dashboard Results
Nexus Lifecycle Report Results
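A pre-flight check for the scan step above, as an added example that is not part of the Nexus IQ or Clair scanner tooling: before the scan is invoked, it confirms that the directory holds a report named exactly clair-scanner-output.json and that the report parses as JSON. The function name check_scan_dir and the "clair" substring heuristic for spotting misnamed reports are assumptions of this example.

```python
import json
import sys
from pathlib import Path

# The only report file name the page lists as supported.
REPORT_NAME = "clair-scanner-output.json"


def check_scan_dir(scan_dir):
    """Return (usable, problems) for the Clair reports under scan_dir.

    usable   -- paths named exactly REPORT_NAME that parse as JSON
    problems -- (path, reason) pairs for misnamed, unreadable or missing reports
    """
    root = Path(scan_dir)
    usable, problems = [], []
    for path in sorted(root.rglob("*.json")):
        if not path.is_file():
            continue
        if path.name == REPORT_NAME:
            try:
                json.loads(path.read_text(encoding="utf-8"))
            except (OSError, ValueError) as exc:  # empty, truncated or non-UTF-8
                problems.append((path, f"not valid JSON: {exc}"))
            else:
                usable.append(path)
        elif "clair" in path.name.lower():
            # Heuristic (assumption): a Clair report saved under another name.
            problems.append((path, f"not named {REPORT_NAME}"))
    if not usable:
        problems.append((root, f"no usable {REPORT_NAME} found"))
    return usable, problems


if __name__ == "__main__":
    found, issues = check_scan_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found:
        print(f"ok       {p}")
    for p, reason in issues:
        print(f"problem  {p}: {reason}")
    sys.exit(1 if issues else 0)
```

Run it against the same directory that is passed to the scan; a non-zero exit status means at least one report is missing, misnamed or unreadable.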
Steps to analyze using the Jenkins plugin
By default, the Jenkins plugin will not evaluate the clair-scanner-output.json file. A custom Scan Target is needed.
nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/clair-scanner-output.json']], iqStage: 'build'
For more information on how to configure Jenkins, see the Nexus Platform Plugin for Jenkins documentation.
Steps to analyze using the Bamboo plugin
Bamboo Scan Targets control which files are examined. To evaluate Clair, add clair-scanner-output.json to the scan targets via "**/clair-scanner-output.json". For more information on how to configure Bamboo, see the Nexus IQ for Bamboo documentation.