Periodic scanning

Simon Szustkowski

Jan 20, 2022, 3:42:43 AM
to clair-dev
Hi, 
we are currently trying out a combination of Quay and Clair, with the result that the images are scanned on each push operation to Quay. 
Would it be possible to configure a periodic check, so that images which are untouched still get scanned from time to time with their vulnerability rating modified if new vulnerabilities are found? If yes, how would I do that?

Thanks and best regards

Hank Donnay

Jan 20, 2022, 10:53:35 AM
to clai...@googlegroups.com
Hello,

On Thu, Jan 20, 2022 at 12:42:43AM -0800, Simon Szustkowski wrote:
>Would it be possible to configure a periodic check, so that images which
>are untouched still get scanned from time to time with their vulnerability
>rating modified if new vulnerabilities are found?

This is how it works -- Quay requests a new vulnerability report on
every page view.

--
hank

Simon Szustkowski

Jan 20, 2022, 3:45:11 PM
to clai...@googlegroups.com
Hmmm, on every page view you say? So it would be possible to just curl the Quay landing page via cron?

I don't think my customer would visit the Quay WebUI so often and merely use the Container Security Operator in OpenShift, and they are explicitly asking for periodic scans in the background to track the "degradation" of an image.

Hank Donnay

Jan 20, 2022, 4:24:56 PM
to clai...@googlegroups.com
On Thu, Jan 20, 2022 at 09:44:54PM +0100, Simon Szustkowski wrote:
>Hmmm, on every page view you say? So it would be possible to just curl the
>Quay landing page via cron?

Yes, they can use the Quay Security API or the Clair API directly.

>I don't think my customer would visit the Quay WebUI so often and merely
>use the Container Security Operator in OpenShift, and they are explicitly
>asking for periodic scans in the background to track the "degradation"
>of an image.

If they're using the CSO, I'd assume it's requesting new vulnerability
reports periodically. I don't know for certain, though.

--
hank
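
An added example, not part of the thread and not code from the Clair or Quay projects: a check meant to be run from cron that requests a fresh report from Clair v4's matcher endpoint and diffs it against the previous run, which is one way to track the "degradation" of an untouched image. The Clair base URL, the bearer-token handling, the state-file layout, the function names and the sample reports are assumptions or constructed for illustration.

```python
import json
import os
import urllib.request

SEVERITIES = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical"]

def fetch_report(clair_url, digest, token=None):
    """Ask Clair v4's matcher for a fresh report on an already-indexed manifest."""
    url = f"{clair_url}/matcher/api/v1/vulnerability_report/{digest}"
    req = urllib.request.Request(url)
    if token:  # assumption: this deployment expects a bearer JWT
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(report):
    """Map vulnerability name -> normalized severity for one report."""
    return {v["name"]: v.get("normalized_severity", "Unknown")
            for v in report.get("vulnerabilities", {}).values()}

def rank(severity):
    """Order severities; anything unrecognised sorts lowest."""
    return SEVERITIES.index(severity) if severity in SEVERITIES else 0

def check(digest, report, state_path):
    """Diff this run against the last one stored in state_path, then save it."""
    state = {}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            state = json.load(fh)
    previous, current = state.get(digest, {}), summarize(report)
    state[digest] = current
    with open(state_path, "w") as fh:
        json.dump(state, fh)
    return {
        "new": sorted(set(current) - set(previous)),
        "dropped": sorted(set(previous) - set(current)),
        "worst": max(current.values(), key=rank, default=None),
    }

# Constructed sample reports, trimmed to the fields used above.
REPORT_MONDAY = {"vulnerabilities": {
    "1": {"name": "CVE-0000-0001", "normalized_severity": "Low"}}}
REPORT_TUESDAY = {"vulnerabilities": {
    "1": {"name": "CVE-0000-0001", "normalized_severity": "Low"},
    "7": {"name": "CVE-0000-0002", "normalized_severity": "Critical"}}}
```

A cron job would call `fetch_report()` for each manifest digest of interest, pass the result to `check()`, and alert when `new` is non-empty.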
