Integrate Clair with Vulnetix
Deploy Clair v4 to scan container images for OS package CVEs. Export findings as JSON via clairctl and upload to Vulnetix.
Go, CLI tool, JSON, XML
Install & scan
$ # Deploy Clair v4 with PostgreSQL backend
wget https://raw.githubusercontent.com/quay/clair/main/docker-compose.yaml
docker compose up -d
# clairctl is bundled in the clair Docker image
docker run --rm quay.io/projectquay/clair:4.7.0 clairctl --help

$ # Using clairctl with a running Clair instance
# --network host lets the container reach Clair on the host's localhost:6060
docker run --rm --network host quay.io/projectquay/clair:4.7.0 clairctl report --host http://localhost:6060 --out json alpine:latest > clair-report.json
Run Clair in CI
Scan on every push and upload the results to Vulnetix:
- name: Start Clair
  run: |
    wget -q https://raw.githubusercontent.com/quay/clair/main/docker-compose.yaml
    docker compose up -d
    sleep 30
- name: Scan with clairctl
  run: |
    docker run --rm --network host quay.io/projectquay/clair:4.7.0 clairctl report --host http://localhost:6060 --out json myapp:${{ github.sha }} > clair-report.json
- name: Upload report
  run: vulnetix upload --file clair-report.json
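A pre-upload check for the pipeline above, as an added example that is not part of the original page and is not Clair or Vulnetix code: it rejects an empty or malformed clair-report.json and fails the build on blocking severities. It assumes the report follows claircore's VulnerabilityReport JSON layout (`vulnerabilities`, `package_vulnerabilities`, `normalized_severity`); the function names, the blocking policy and the sample report are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Assumption: the report follows claircore's VulnerabilityReport JSON layout.
BLOCKING = {"Critical", "High"}  # severities that fail the build (local policy choice)

def load_report(text):
    """Parse report text; reject empty or structurally wrong input."""
    if not text.strip():
        raise ValueError("report is empty; the scan produced no output")
    report = json.loads(text)
    for key in ("vulnerabilities", "package_vulnerabilities"):
        if not isinstance(report, dict) or not isinstance(report.get(key), dict):
            raise ValueError(f"report has no '{key}' object")
    return report

def summarize(report):
    """Count each vulnerability once, even if several packages share it."""
    linked = {vid for ids in report["package_vulnerabilities"].values()
              for vid in (ids or [])}
    counts = Counter()
    for vid in linked:
        vuln = report["vulnerabilities"].get(vid, {})
        counts[vuln.get("normalized_severity") or "Unknown"] += 1
    return counts

def gate(text):
    """Return (exit_code, counts): 0 = pass, 1 = blocking findings, 2 = bad report."""
    try:
        counts = summarize(load_report(text))
    except ValueError as err:  # json.JSONDecodeError is a ValueError subclass
        print(f"invalid Clair report: {err}", file=sys.stderr)
        return 2, Counter()
    return (1 if any(counts[s] for s in BLOCKING) else 0), counts

# Constructed sample report (not real scan output): two packages share vuln "1".
SAMPLE = json.dumps({
    "vulnerabilities": {
        "1": {"name": "CVE-EXAMPLE-1", "normalized_severity": "High"},
        "2": {"name": "CVE-EXAMPLE-2", "normalized_severity": "Low"},
    },
    "package_vulnerabilities": {"10": ["1", "2"], "11": ["1"]},
})

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    code, counts = gate(source)
    print(dict(counts))
    sys.exit(code)
```

Saved under a hypothetical name such as check_report.py, it would run between the scan and upload steps with clair-report.json as its argument, so a failed or empty scan stops the job before anything is uploaded.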
Centralise Clair results in Vulnetix
Upload Clair JSON or XML output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.