docker镜像扫描

clair 是一个用于静态扫描docker镜像的开源项目。它会根据CVE漏洞库进行扫描并展示扫描结果。具体信息可以参考:https://github.com/coreos/clair , https://github.com/arminc/clair-scanner。 这里做一个最简单的运行实例:
docker run -p 5432:5432 -d --name db arminc/clair-db:2017-09-18
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
mv clair-scanner_linux_amd64 clair-scanner
chmod u+x clair-scanner
clair-scanner --ip YOUR_LOCAL_IP alpine:3.5

Author: jxin