yebinama / paclair

Paclair is a Python3 Cli tool to interact with Coreos's Clair (https://github.com/coreos/clair).
Apache License 2.0

Question - How does paclair work? #23

Closed anshumanbh closed 5 years ago

anshumanbh commented 5 years ago

Hi there, great tool! Thank you for this. I tried a lot of other clair CLI tools but none worked with Clair API v3 so this was a nice surprise!

Quick question - I read through the Readme and also tried running this, and it worked just fine. However, I do have a question about how it actually works, since there doesn't seem to be any information regarding it.

I figured that in order to scan a particular image, I need to first push it to Clair and then run the analyze command? Is this true? Can I simply issue the analyze command against an image in my registry without pushing the image first?

yebinama commented 5 years ago

Hello,

Thanks for your feedback!

To understand how Paclair works, you need to know how Clair exactly works.

Clair uses a Postgres database to store which packages are present in a particular layer of a Docker image. Each layer is linked to its ancestor, so when you want to analyse a Docker image, you have to ask Clair which vulnerabilities are present on the last layer of the image. It then automatically analyses each previous layer and responds with a list of vulnerabilities.

Therefore, each layer of a Docker image must first have been processed by Clair and stored in the database. That's why you have to use the Paclair push command before analysing an image.

Maybe I could add an option to the analyze command to push the docker image if it has not already been processed.
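The push-then-analyze flow described in the answer above, as an added illustration (this is neither paclair's nor Clair's code): a small in-memory stand-in for Clair's layer store that records packages per layer, links each layer to its parent, and answers an analyze request for the last layer by walking the parent chain. It also shows what happens when a layer or its parent was never pushed, which is why the analyze command alone cannot work. The package versions and vulnerability feed are constructed sample data with made-up identifiers; the "newest layer wins" rule for a package that appears in several layers is a simplification of this toy, not a statement about Clair's merge semantics; and the request-body shape in `push_payloads` follows Clair's v1 REST layer API (`POST /v1/layers`) as I know it, with a hypothetical registry URL.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample feed: package -> list of (vulnerability id, first fixed version).
# The identifiers are invented for the illustration, not real CVEs.
SAMPLE_FEED = {
    "openssl": [("VULN-OPENSSL-1", "1.1.2")],
    "bash": [("VULN-BASH-1", "5.0")],
    "curl": [],
}


def version_tuple(v: str):
    """Naive dotted-numeric comparison key; enough for the sample versions above."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class StoredLayer:
    name: str
    parent: Optional[str]
    packages: Dict[str, str]  # package -> version installed by this layer


class MiniClair:
    """In-memory stand-in for Clair's layer database (illustration only)."""

    def __init__(self, feed=SAMPLE_FEED):
        self.feed = feed
        self._layers: Dict[str, StoredLayer] = {}

    def push_layer(self, name: str, parent: Optional[str], packages: Dict[str, str]) -> None:
        """The equivalent of paclair's push step for one layer: parents must already be known."""
        if parent is not None and parent not in self._layers:
            raise KeyError(f"parent layer {parent!r} was never pushed; push base layers first")
        self._layers[name] = StoredLayer(name, parent, dict(packages))

    def ancestry(self, name: str) -> List[StoredLayer]:
        """Walk from the requested (last) layer back to the base layer, newest first."""
        if name not in self._layers:
            raise KeyError(f"layer {name!r} was never pushed; run push before analyze")
        chain, cur = [], name
        while cur is not None:
            layer = self._layers[cur]
            chain.append(layer)
            cur = layer.parent
        return chain

    def analyze(self, name: str) -> List[dict]:
        """The equivalent of the analyze step: only the last layer is named, the chain is walked."""
        effective: Dict[str, tuple] = {}
        for layer in self.ancestry(name):
            for pkg, ver in layer.packages.items():
                # Toy rule (assumption, not Clair's semantics): the newest layer's version wins.
                effective.setdefault(pkg, (ver, layer.name))
        findings = []
        for pkg, (ver, layer_name) in sorted(effective.items()):
            for vid, fixed in self.feed.get(pkg, []):
                if version_tuple(ver) < version_tuple(fixed):
                    findings.append({"id": vid, "package": pkg, "version": ver,
                                     "fixed_in": fixed, "introduced_by": layer_name})
        return findings


def push_payloads(layer_names: List[str], registry: str = "https://registry.example.invalid") -> List[dict]:
    """Request bodies a push would send to POST /v1/layers, base layer first.

    Field names follow Clair's v1 layer API as I know it (assumption); the registry is hypothetical.
    """
    bodies, parent = [], ""
    for name in layer_names:
        bodies.append({"Layer": {"Name": name, "ParentName": parent,
                                 "Path": f"{registry}/v2/demo/app/blobs/{name}", "Format": "Docker"}})
        parent = name
    return bodies


def demo() -> List[dict]:
    """Push a constructed three-layer image, then analyze only its last layer."""
    clair = MiniClair()
    clair.push_layer("base", None, {"openssl": "1.1.1", "bash": "4.4"})
    clair.push_layer("mid", "base", {"curl": "7.64.0"})
    clair.push_layer("top", "mid", {"openssl": "1.1.2"})  # upgrades openssl
    return clair.analyze("top")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Analyzing `top` reports only the bash finding: the openssl vulnerability present in `base` is masked by the upgrade in `top`, while analyzing `mid` would report both. Asking for a layer that was never pushed, or pushing a layer whose parent is unknown, raises an error, which is the in-memory counterpart of running analyze against an image Clair has not processed.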