Vulnerability Static Analysis for Containers
Clair
Note: The main branch may be in an unstable or even broken state during development. Please use [releases] instead of the main branch in order to get stable binaries.

Clair is an open source project for the [static analysis] of vulnerabilities in application containers (currently including [OCI] and [docker]).
Clients use the Clair API to index their container images and can then match it against known vulnerabilities.
Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear, bright, transparent.
[The book] contains all the documentation on Clair's architecture and operation.
[OCI]: https://github.com/opencontainers/image-spec/blob/master/spec.md [docker]: https://github.com/docker/docker/blob/master/image/spec/v1.2.md [releases]: https://github.com/quay/clair/releases [static analysis]: https://en.wikipedia.org/wiki/Staticprogramanalysis [The book]: https://quay.github.io/clair/
Community
- Mailing List: clair-dev@googlegroups.com
- IRC: #clair on freenode.org
- Bugs: issues
Contributing
See CONTRIBUTING for details on submitting patches and the contribution workflow.
License
Clair is under the Apache 2.0 license. See the LICENSE file for details.