3

According to the following documentation it should be possible to integrate clair with a docker private registry. How to do that?

Registry Integration

Clair can be integrated directly into a container registry such that the registry is responsible for interacting with Clair on behalf of the user. This type of setup avoids the manual scanning of images and creates a sensible location to which Clair's vulnerability notifications can be propagated. The registry can also be used for authorization to avoid sharing vulnerability information about images to which one might not have access.

Ta Mu
  • 6,792
  • 5
  • 43
  • 83
030
  • 13,383
  • 17
  • 76
  • 178

1 Answers1

0

Both Docker Registry and Docker Engine have API interfaces. I consider it should be possible to implement a Docker plugin for this integration to have images scanned for example as somebody pushes them. (side note - Docker registry is an image registry, not container registry).

This scanner functionality is also possible through the commercial Docker Enterprise edition. https://docs.docker.com/docker-cloud/builds/image-scan/

UPD here an example with clair/docker, looks quite simple http://blog.xebia.com/docker-containers-vulnerability-scan-clair/

Ta Mu
  • 6,792
  • 5
  • 43
  • 83