1 Repo
Creating searchable inventories of software components and versions extracted from static analysis.
Distinct from Static Indexing Tools: Existing candidates focus on static text indexing, compiler optimization, or project directories, not security-focused component inventories.
Explore 1 awesome GitHub repository matching security & cryptography · Component Indexing. Refine with filters or upvote what's useful.
Clair is a container vulnerability scanner that performs static analysis of container images to identify known security vulnerabilities. It functions as an analyzer for OCI and Docker images, indexing their contents to detect security risks and outdated packages without requiring the containers to be running. The tool identifies vulnerabilities by matching indexed container components against security databases to find common vulnerabilities and exposures. This process involves analyzing filesystem layers to track the provenance and versioning of packages across the image hierarchy. The proj
Extracts package versions and metadata from container layers to create a searchable inventory for audits.