Open victornoel opened 5 years ago
I'm currently testing a docker image with clair-scanner for pipeline use. I added it to the arminc/clair-local-scan image. This will allow the image to run the Clair server, while the CI/CD script (running on the container) runs the client scanner.
Almost fully standalone, except for the database. However, the arminc/clair-db image helps solve that issue.
If @arminc is interested I can add the Dockerfile to this project, so it will get updated with each release.
Here is an example of what that might look like. I have been testing with it and it is working so far. The versions should become variables, so it can be easily updated.
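```dockerfile
# Start from the image that runs the Clair server
FROM arminc/clair-local-scan:v2.0.6
# Install wget and CA certificates, download the clair-scanner v8 release binary, and make it executable
RUN apk add -U wget ca-certificates && \
    wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -O clair-scanner && \
    chmod +x clair-scanner
```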
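An added example (not part of the comment above and not the project's own Dockerfile) of the same image with the versions turned into build arguments and the downloaded binary checked against a pinned SHA-256 before it is made executable. The argument names are assumptions chosen for this sketch, and the checksum has no default: record it yourself from a download you trust and pass it with `--build-arg`.

```dockerfile
# Added example: versions as build arguments, download verified against a pinned digest.
# ARG names below are hypothetical, not defined by the clair-scanner project.
ARG CLAIR_LOCAL_SCAN_VERSION=v2.0.6
FROM arminc/clair-local-scan:${CLAIR_LOCAL_SCAN_VERSION}

ARG CLAIR_SCANNER_VERSION=v8
# Assumption: SHA-256 of clair-scanner_linux_amd64 for the version above,
# supplied at build time, e.g. --build-arg CLAIR_SCANNER_SHA256=<your-recorded-digest>
ARG CLAIR_SCANNER_SHA256

RUN set -eu; \
    # Fail the build early if no digest was supplied
    test -n "${CLAIR_SCANNER_SHA256}" || { echo "CLAIR_SCANNER_SHA256 is not set" >&2; exit 1; }; \
    apk add --no-cache wget ca-certificates; \
    wget -O clair-scanner \
      "https://github.com/arminc/clair-scanner/releases/download/${CLAIR_SCANNER_VERSION}/clair-scanner_linux_amd64"; \
    # sha256sum -c exits non-zero on mismatch, which aborts the build
    echo "${CLAIR_SCANNER_SHA256}  clair-scanner" | sha256sum -c -; \
    chmod +x clair-scanner
```

Because the digest is pinned in the pipeline rather than fetched alongside the binary, a replaced release asset fails the build instead of ending up in the image.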
+1 there should be a maintained image that contains clair-scanner_linux_amd64 preinstalled
@victornoel @jeff-cook @madnight You could use https://github.com/usr42/clair-container-scan
@usr42 if we could avoid multiplying the providers of images for something related to security, it would be better: already relying on @arminc's image on top of the official clair binaries is one step towards taking security risks, adding one more intermediary is not desirable :)
Any way to get an image for clair-scanner? So that it can be used in a CI/CD situation without having to download it.