git clone https://github.com/arminc/clair-
scanner.git
apt install golang
Page | 15
www.hackingarticles.in
Build the library to install all dependencies of the Clair.
As you can see, we have the following file in the bucket list.
cd clair-scanner
make build
make cross
Page | 16
www.hackingarticles.in
If in your host
machine, you don’t have a docker image, you can
pull a new image, as we did here to
illustrate vulnerability assessment.
Now, run the docker image of the Clair that will listen at local port 5432.
docker pull ubuntu:16.04
docker run -d -p 5432:5432 --name db
arminc/clair-db:latest
Page | 17
www.hackingarticles.in
Also, run the docker image for Postgres to link Clair scan with the help of the following command
.
Now, let’s use the Clair for
scanning the vulnerability of a container or docker image, with the help of
the following command.
Syntax: ./clair-scanner -ip -r output.jason
docker run -p 6060:6060 --link db:postgres -d
--name clair arminc/clair-local-scan:latest
./clair-scanner --ip 172.17.0.1 -r
report.json ubuntu:16.04
Page | 18
www.hackingarticles.in
Booom!!!! And we got the scanning output which is showing 50 unapproved vulnerabilities.
|