Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).
- In regular intervals, Clair ingests vulnerability metadata from a configured set of sources and stores it in the database.
- Clients use the Clair API to index their container images; this creates a list of features present in the image and stores them in the database.
- Clients use the Clair API to query the database for vulnerabilities of a particular image; correlating vulnerabilities and features is done for each request, avoiding the need to rescan images.
- When updates to vulnerability metadata occur, a notification can be sent to alert systems that a change has occur