Clair Application Analysis

NEW IN RELEASE 77

The Clair coordinate-based matching feature provides the ability to scan and evaluate the container dependencies that Clair identifies.

For reference on how to use Clair, please refer to the Clair documentation.

What is Supported

Files named clair-scanner-output.json, created by the clair-scanner client (https://github.com/arminc/clair-scanner).

Steps to analyze using the CLI

Create clair-scanner-output.json by running the Clair scanner.

For detailed instructions on the Clair scanner, please refer to the Clair scanner documentation.

Example command

clair-scanner --ip 10.0.1.144 -r clair-scanner-output.json vulnerables/web-dvwa


Example file content

{
    "image": "image",
    "vulnerabilities": [
        {
            "featurename": "apt",
            "featureversion": "1.4.8",
            "vulnerability": "CVE-2019-3462",
            "namespace": "debian:9",
            "description": "TEST",
            "link": "https://security-tracker.debian.org/tracker/CVE-2019-3462",
            "severity": "Critical",
            "fixedby": "1.4.9"
        },
        {
            "featurename": "libxslt",
            "featureversion": "1.1.29-2.1",
            "vulnerability": "CVE-2017-16997",
            "namespace": "debian:9",
            "description": "TEST",
            "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
            "severity": "Critical",
            "fixedby": "2.24-11+deb9u4"
        }
    ]
}
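The report above is the input that coordinate-based matching consumes, so it is worth seeing how those fields map to a package coordinate (namespace, feature name, feature version) plus a CVE. The following parser and summary is an added example, not code from the Sonatype CLI or from clair-scanner; the sample is the example file content above, the coordinate string format is my own, and treating an empty fixedby as "no fix known" is an assumption about clair-scanner's output.

```python
"""Parse a clair-scanner-output.json report and summarize its findings."""
import json
from collections import Counter

# Sample report copied from the example file content above (two "TEST" entries).
SAMPLE_REPORT = """
{
    "image": "image",
    "vulnerabilities": [
        {"featurename": "apt", "featureversion": "1.4.8",
         "vulnerability": "CVE-2019-3462", "namespace": "debian:9",
         "description": "TEST", "severity": "Critical", "fixedby": "1.4.9",
         "link": "https://security-tracker.debian.org/tracker/CVE-2019-3462"},
        {"featurename": "libxslt", "featureversion": "1.1.29-2.1",
         "vulnerability": "CVE-2017-16997", "namespace": "debian:9",
         "description": "TEST", "severity": "Critical", "fixedby": "2.24-11+deb9u4",
         "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997"}
    ]
}
"""

# Fields every record in the example carries; the matching needs the first four.
REQUIRED_FIELDS = ("namespace", "featurename", "featureversion", "vulnerability", "severity")


def parse_clair_report(text):
    """Return one record per vulnerability, or raise ValueError on a malformed report."""
    doc = json.loads(text)
    if "image" not in doc or not isinstance(doc.get("vulnerabilities"), list):
        raise ValueError("not a clair-scanner-output.json document")
    records = []
    for i, v in enumerate(doc["vulnerabilities"]):
        missing = [f for f in REQUIRED_FIELDS if f not in v]
        if missing:
            raise ValueError(f"vulnerabilities[{i}] is missing fields: {missing}")
        records.append({
            # Hypothetical coordinate string: distro namespace, package name, version.
            "coordinate": f"{v['namespace']}/{v['featurename']}@{v['featureversion']}",
            "cve": v["vulnerability"],
            "severity": v["severity"],
            # Assumption: an empty or absent fixedby means no fixed version is known.
            "fixed_by": v.get("fixedby") or None,
        })
    return records


def summarize(records):
    """Count findings by severity and how many already have a fixed version available."""
    by_severity = Counter(r["severity"] for r in records)
    fixable = sum(1 for r in records if r["fixed_by"])
    return {"total": len(records), "by_severity": dict(by_severity), "fixable": fixable}
```

Run it against a real clair-scanner-output.json to see, before the IQ scan, which coordinates will be matched and how many findings are fixable by an upgrade.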

Run a scan

Invoke a CLI scan of the directory containing clair-scanner-output.json. Instructions on how to do this can be found at https://help.sonatype.com/integrations/nexus-iq-cli.

The output from the CLI

Dashboard results

Report results