adamcohen
commented
4 years ago No, it doesn't pull the image locally, it only pulls the manifest file. It then reads the layer data from the manifest file, loops over each layer in the image, and sends a POST request to the clair API endpoint with a Path component which contains a URL to the layer data in the container registry. Clair then reads the layer data directly from the registry. This means that klar doesn't have to actually push the data to clair, it only passes a references to the data which clair is responsible for pulling.
Does klar pull and download the image locally before calling an API to clair to scan it?