This guide talks about setting up the Clair scanner and performs scans on vulnerable DVWA container. Also now it is possible to perform a hands-on demo on katacoda.
You can run the demo on Katacoda. For running the demo visit https://www.katacoda.com/justmorpheus
You can run a dedicated Clair server with a database and use that in your ci/cd pipeline but if you want to run Clair as part of your ci/cd pipeline then you are in a surprise:
Starting Clair from scratch takes about 20 to 30 minutes because the database needs to be filled up with CVEs.Clair needs to access the container layers and therefore you need remote access from Clair to your build job.How to scan containersStart the Clair database and Clair locally or while running your job.
docker run -d –name clair-db arminc/clair-db:latest
docker run -p 6060:6060 –link clair-db:postgres -d –name clair arminc/clair-local-scan:v2.0.8_fe9b059d930314b54c78f75afe265955faf4fdc1
Scan a vulnerable image
We need a vulnerable image. There are few vulnerable images, including Damn Vulnerable Web Application. We can use
Read the article