quay/clair

Features

• Container Security Scanners - Identifies vulnerabilities in container images by matching indexed contents against known security databases.
• Container Security - Provides comprehensive security analysis and vulnerability scanning for container images.
• Content-Addressable Storage - Implements content-addressable storage to index container layers by cryptographic hashes and avoid redundant analysis.
• Intermediate Representations - Transforms raw package data into a standardized intermediate representation to correlate source-level packages with binary versions.
• Metadata Synchronizers - Periodically synchronizes security metadata from remote vulnerability databases to maintain a local searchable registry.
• Static Analysis - Matches image package manifests against vulnerability databases using static analysis without executing the container.
• Indexing Services - Processes container image layers into intermediate representations to enable fast security lookups.
• Image Indexing Tools - Processes image manifests into intermediate representations to enable fast security lookups and duplicate detection.
• Image Layer Analyzers - Parses and decomposes container image manifests to isolate and analyze individual filesystem layers.
• Vulnerability Syncing - Fetches and synchronizes security data from multiple external vulnerability databases.
• Vulnerability Database Management - Synchronizes and maintains local registries of security metadata from multiple external vulnerability sources.
• Image Vulnerability Assessments - Analyzes container images to correlate contents with known security vulnerabilities based on risk levels.
• Vulnerability Scanning - Scans container images across various package formats by comparing contents against multi-platform vulnerability databases.
• Continuous Security Monitoring - Tracks previously analyzed images and alerts users when new vulnerabilities are discovered.
• Container Registry Integrations - Integrates with container registries to automate security scanning and generate alerts.
• Scan Version Tracking - Uses unique identifiers in responses to allow clients to detect when an image requires a new scan.
• Messaging Notifications - Delivers vulnerability alerts via messaging protocols based on defined polling and delivery intervals.
• Package Version Mapping - Tracks the relationship between source-level packages and binary versions to improve vulnerability attribution accuracy.
• Vulnerability Alerts - Monitors updated security data and notifies users when new threats affect previously analyzed manifests.
• Security Report Generation - Generates detailed documents listing security findings and vulnerabilities discovered within container images.
• Cloud Native Infrastructure - Service for scanning and analyzing container image vulnerabilities.
• Container Security - Vulnerability scanner for container images.
• Infrastructure as Code Analysis - Scans container images for known vulnerabilities.
• Container Management - Static analysis tool for identifying vulnerabilities in container images.
• Image Scanning and SBOM - Static analysis of vulnerabilities in container images.

Star history