General Clair v4 Questions
109 views
Skip to first unread message
Brad Gray
Mar 5, 2021, 6:23:53 PM3/5/21
to clair-dev
Hi all,
I have some general questions regarding Clair v4.
- Is there a public roadmap available? https://github.com/quay/clair/blob/main/ROADMAP.md seems to be old.
- Is there a listing for v4 support beyond what is found at https://quay.github.io/claircore/ ?
- Does v4 support windows images? Looking at this github issue (https://github.com/quay/clair/issues/836) : "Technically Clair can work with Windows images, but we don't have any explicit data sources or code to parse software out of a Windows image, so effectively you will not get any results." That was in 2019; has that changed?
- I have been unable to scan any bitnami images (https://hub.docker.com/search?q=bitnami&type=image) with either v2 or v4. Are these generally not supported?
Thanks,
Brad
- I have been unable to scan any bitnami images (https://hub.docker.com/search?q=bitnami&type=image) with either v2 or v4. Are these generally not supported?
Thanks,
Brad
Michael Venezia
Mar 9, 2021, 1:35:22 PM3/9/21
to clair-dev
On a related note, as someone who is currently using clair 4 (mostly haphazardly as I could not find a great guide - kept trying configs until it finally "worked") can we get some sort of expected resource requirements?
For clair itself, how much memory is expected to be soaked up, an expectation of cpu usage, etc.
For the database that clair uses, how much storage is needed? I was surprised to find that my postgres installation - only used by clair - is soaking up 8GB. Is that to be expected? Does it continue to grow, etc.
Mike
Louis DeLosSantos
Mar 9, 2021, 3:38:01 PM3/9/21
to clair-dev
Hey,
- Is there a public roadmap available? https://github.com/quay/clair/blob/main/ROADMAP.md seems to be old.
We've been displaying our roadmap during community development meetings. You can see the details for those meetings here:
We have not written this up on our repository just yet.
- Is there a listing for v4 support beyond what is found at https://quay.github.io/claircore/ ?
I'm not sure what you mean here? Can you explain?
- Does v4 support windows images? Looking at this github issue (https://github.com/quay/clair/issues/836)
: "Technically Clair can work with Windows images, but we don't have
any explicit data sources or code to parse software out of a Windows
image, so effectively you will not get any results." That was in 2019;
has that changed?
No official support for windows containers at this time.
- I have been unable to scan any bitnami images (https://hub.docker.com/search?q=bitnami&type=image) with either v2 or v4. Are these generally not supported?
Clair has a support matrix you can find here on our first page of documentation here:
If bitnami images utilizes any of those distributions as a base container, scanning should be supported.
Louis DeLosSantos
Mar 9, 2021, 3:42:16 PM3/9/21
to clair-dev
Michael,
We keep an update to date configuration reference here:
Please inform us if something is missing.
As far as resources go, this depends heavily on your use cases and load you put onto Clair.
Clair indexes over 200 million vulnerabilities, so you should expect your database to be large.
Clair also utilizes the disk when scanning and downloading data as scratch space.
The application utilizes concurrency heavily to download container layers in parallel, so you'd want at least 2 cores to be able to perform work in parallel.
I'd start off with a minimum of 8gb of ram if you're running Clair as a persistent service. If you're utilizing Clair in a one off manner, you can deal with quite a bit less.
Reply all
Reply to author
Forward
0 new messages