Clair, an open source container image vulnerability scanner, indexing image layers and reporting known CVEs through a simple HTTP API.
Clair is an open source static analysis service for container images. It pulls the layers of an OCI or Docker image, indexes the operating system and language packages inside them, matches those packages against a continuously updated set of vulnerability databases, and reports the known CVEs that affect the image. It runs as an HTTP API service with no web interface, so it slots into registries, CI pipelines and security tooling that submit images for scanning and read back a vulnerability report. This appliance runs Clair in a single node combo configuration, with the indexer, matcher and notifier all in one process backed by a bundled database on the same machine.
cloudimg delivers Clair fully patched and preconfigured with its PostgreSQL back end bundled on the same instance, so it indexes and scans images the moment it boots, with the companion clairctl command line client installed for one line scans. The image is secure by default: no known credential ships, a unique database password is generated on each instance's first boot and written to a root only file, and the scanning API is not exposed to the network by default so you open and protect it on your own terms. Every deployment carries a paired deployment guide and 24/7 support.