Microservices NYC - Container Vulnerability Analysis with Clair

Jake Moshenko, Product Manager at CoreOS, and Quentin Machu, Software Engineer at CoreOS, joined us to discuss Clair, an open-source project for the static analysis of vulnerabilities in appc and docker containers.

Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten a container. When vulnerability data changes upstream, the previous state and new state of the vulnerability along with the images they affect can be sent via webhook to a configured endpoint. All major components can be customized programmatically at compile-time without forking the project.

Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear, bright, transparent.

My apologies for the mediocre quality. Next time I'm going to try capturing the slides separately and doing camera exposure on the speaker.