$ klar postgres:9.5.1
clair timeout 1m0s
docker timeout: 1m0s
no whitelist file
Analysing 22 layers
Got results from Clair API v1
Found 111 vulnerabilities
Unknown: 8
Negligible: 27
Low: 13
Medium: 41
High: 22
CVE-2016-7543: [High]
Found in: bash [4.3-11]
Fixed By: 4.3-11+deb8u1
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOP
TS and PS4 environment variables.
https://security-tracker.debian.org/tracker/CVE-2016-7543
...snip...
Testing with androw/zeppelin... it doesn't work.
$ klar androw/zeppelin
clair timeout 1m0s
docker timeout: 1m0s
no whitelist file
Analysing 6 layers
Failed to analyze using API v1: push image https://registry-1.docker.io/v2/androw/zeppelin:latest to Clair failed: can't push layer to Clair: Post http://localhost:6060/v1/layers: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
Failed to analyze using API v3: push image https://registry-1.docker.io/v2/androw/zeppelin:latest to Clair failed: rpc error: code = Unavailable desc = transport is closing
Failed to analyze, exiting
when I test with postgres:9.5.1, it works.
Testing with androw/zeppelin... it doesn't work.