arminc / clair-scanner

Docker containers vulnerability scan
Apache License 2.0

Docker Image for clair-scanner ? #64

Open victornoel opened 5 years ago

victornoel commented 5 years ago

Any way to get an image for clair-scanner? So that it can be used in a CI/CD situation without having to download it.

jeff-cook commented 5 years ago

I'm currently testing a Docker image with clair-scanner for pipeline use. I added it to the arminc/clair-local-scan image. This will allow the image to run the Clair server, while the CI/CD script (running on the container) runs the client scanner.

Almost fully standalone, except for the database. However, the arminc/clair-db image helps solve that issue.

If @arminc is interested I can add the Dockerfile to this project, so it will get updated with each release.

jeff-cook commented 5 years ago

Here is an example of what that might look like. I have been testing with it and it is working so far. The versions should become variables, so it can be easily updated.

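```dockerfile
# Base image that runs the Clair server
FROM arminc/clair-local-scan:v2.0.6

# Fetch the clair-scanner v8 release binary and make it executable
RUN apk add -U wget ca-certificates && \
  wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -O clair-scanner && \
  chmod +x clair-scanner
```

madnight commented 5 years ago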

+1 there should be a maintained image that contains clair-scanner_linux_amd64 preinstalled

usr42 commented 5 years ago

@victornoel @jeff-cook @madnight You could use https://github.com/usr42/clair-container-scan

victornoel commented 5 years ago

@usr42 if we could avoid multiplying the providers of images for something related to security, it would be better: already relying on @arminc's image on top of the official clair binaries is one step towards taking security risks, adding one more intermediary is not desirable :)
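The trust concern in this thread applies to any pipeline step that fetches the scanner binary at build time. The following is an added example, not part of the original discussion or of the clair-scanner project: a fail-closed install step that only places a downloaded binary on the path when it matches a pinned SHA-256. The helper names `verify_sha256` and `install_verified` are hypothetical, and the pinned digest is a placeholder that has to be obtained through a channel you trust independently of the download.

```shell
#!/bin/sh
# Added example (hypothetical helpers): install a downloaded release binary
# only if it matches a pinned SHA-256 digest. Requires sha256sum.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE's SHA-256 equals EXPECTED_HEX (case-insensitive).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject empty, placeholder or malformed digests instead of skipping the check.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# install_verified SRC EXPECTED_HEX DEST
# Copies SRC to a private temp file, verifies that copy, then moves it into
# place. Verifying the copy avoids checking one file and installing another.
install_verified() {
    src=$1; pinned=$2; dest=$3
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" || return 1
    if verify_sha256 "$tmp" "$pinned"; then
        chmod 0755 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing to install $src: SHA-256 check failed" >&2
        return 1
    fi
}

# Usage in a build step (the digest is a placeholder, not a real value):
#   wget -O /tmp/clair-scanner "$RELEASE_URL"
#   install_verified /tmp/clair-scanner "<PINNED_SHA256>" /usr/local/bin/clair-scanner
```

Pinning the base image by digest (`FROM image@sha256:...`) gives the same property for the image layers that this check gives for the downloaded binary.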