Dung828
commented
2 years ago Many thanks for who built clair-scanner. I have finally installed it on my AWS Linux EC2 server 10gb. This is for my Securecode assessment. I have found the arminc/clair-local-scan is gone from "sudo docker container ls" after maybe around 5 minutes. So its current container id needs to be removed and run again -
docker run -p 6060:6060 --link clair-db:postgres -d --name clair arminc/clair-local-scan.
Then run "./clair-scanner ....... ". I don't know why it is gone after 5 minutes .
arminc
We are running clair scanner to run security scan on our docker images. The clair scanner runs inside a travis build and in our case both clair scanner and clair runs on same machine that is launched by travis.
However , we see following issue intermittently in some of the travis build run:-
8.98s$ clair-scanner -w tests/cve-scan-whitelist.yaml -c "http://127.0.0.1:6060" --threshold="High" --ip "$(ip -4 addr show docker0 | grep -oP '(?<=inet\s)\d+(.\d+){3}')" $IMAGE_NAME:latest 2021/06/09 01:28:57 [INFO] ▶ Start clair-scanner 2021/06/09 01:29:06 [INFO] ▶ Server listening on port 9279 2021/06/09 01:29:06 [INFO] ▶ Analyzing cbb111c748af833f9ef620afd2320b662c7a04b0e3cf08caf4e4f25af031892b 2021/06/09 01:29:06 [CRIT] ▶ Could not analyze layer: POST to Clair failed Post http://127.0.0.1:6060/v1/layers: dial tcp 127.0.0.1:6060: getsockopt: connection refused The command "clair-scanner -w tests/cve-scan-whitelist.yaml -c "http://127.0.0.1:6060" --threshold="High" --ip "$(ip -4 addr show docker0 | grep -oP '(?<=inet\s)\d+(.\d+){3}')" $IMAGE_NAME:latest" exited with 1.
This issue is very intermittent and sometimes build will pass without any issues. Is there any issue with --ip I am giving. I tried passing --ip "$(hostname -i)" , but still gets same issue.
Below are complete set of commands we have defined in .travis.yml