quay
clair
Go

Vulnerability Static Analysis for Containers

Last updated Jul 8, 2026
11.0k
Stars
1.2k
Forks
56
Issues
+2
Stars/day
Attention Score
95
Language breakdown
Go 93.0%
jq 3.3%
Makefile 2.3%
Dockerfile 0.8%
Shell 0.5%
Go Template 0.1%
Files click to expand
README

Clair

Docker Repository on Quay PkgGoDev IRC Channel

Note: The main branch may be in an unstable or even broken state during development. Please use [releases] instead of the main branch in order to get stable binaries.

Clair Logo

Clair is an open source project for the [static analysis] of vulnerabilities in application containers (currently including [OCI] and [docker]).

Clients use the Clair API to index their container images and can then match it against known vulnerabilities.

Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear, bright, transparent.

[The book] contains all the documentation on Clair's architecture and operation.

[OCI]: https://github.com/opencontainers/image-spec/blob/master/spec.md [docker]: https://github.com/docker/docker/blob/master/image/spec/v1.2.md [releases]: https://github.com/quay/clair/releases [static analysis]: https://en.wikipedia.org/wiki/Staticprogramanalysis [The book]: https://quay.github.io/clair/

Community

Contributing

See CONTRIBUTING for details on submitting patches and the contribution workflow.

License

Clair is under the Apache 2.0 license. See the LICENSE file for details.

🔗 More in this category

© 2026 GitRepoTrend · quay/clair · Updated daily from GitHub