Comments (8)
Hi,
I believe that it could be related to #27, fixed this morning by 9391417. Do you have the latest version of the tool?
from clair.
@Quentin-M I ran this to install the tool:
go get -u github.com/coreos/clair/contrib/analyze-local-images
but I'm not mounting /tmp. Should I?
from clair.
@Quentin-M after adding -v /tmp:/tmp to the way the clair container is created, everything works as expected. Sorry for the duplicate, but it would be nice if this is documented somewhere (or if the webserver is always launched no matter the endpoint configuration).
Anyhow, thanks for the tip.
from clair.
My pleasure. I just improved the README.
from clair.
@Quentin-M when I launch clair, I see this
2015-11-24 21:34:37.511696 I | updater/fetchers: fetching Debian vulneratibilities
2015-11-24 21:34:37.511802 I | updater/fetchers: fetching Red Hat vulneratibilities
2015-11-24 21:34:37.511894 I | updater/fetchers: fetching Ubuntu vulneratibilities
but it does not seem to finish. I took a quick look at the container with docker exec -ti container_id ps aux
and this is what I see:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 1.8 0.2 479912 43404 ? Ssl+ 21:34 0:01 clair --db-type=bolt --db-path=/db/database --log-level=debug
root 13 42.8 3.1 585080 508000 ? R+ 21:34 0:38 /usr/bin/python /usr/bin/bzr branch lp:ubuntu-cve-tracker /tmp/ubuntu-cve-tracker508522274/repository
root 16 0.0 0.0 20232 1996 ? Ss 21:35 0:00 bash
root 25 0.0 0.0 17484 1120 ? R+ 21:36 0:00 ps aux
so I have two questions:
- Will there be a message saying that the update process is done?
- Why isn't there an update process for RedHat?
Sorry to ask in the same ticket, if there is a mailing list for Clair, I will be more than happy to send an email there.
from clair.
Eventually the python process will go away (I assume because it finishes successfully, though there is no log entry suggesting that) and all I see is this:
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 3.9 0.6 541988 109560 ? Ssl+ 21:34 0:11 clair --db-type=bolt --db-path=/db/database --log-level=debug
root 16 0.0 0.0 20232 1996 ? Ss 21:35 0:00 bash
root 28 0.0 0.0 17484 1132 ? R+ 21:39 0:00 ps aux
which is fine I guess. My problem here is that I am analyzing an image which is based on CentOS:6.6 and when I run the tool it just says BRAVO :). Not that I'm not happy for such a message but I just find it strange, so I want to make sure that everything is in place before telling myself that clair does not detect any security vulnerability.
from clair.
There is currently no mailing list.
- Yes, a message is printed at the end of the update. You can also increase the log level with --log-level=trace.
- Both Debian and Red Hat vulnerabilities are fetched directly in pure Go, there are just some go routines for that. However, as you noticed, Clair needs to clone a bzr repository and uses an external tool for that.
- The initial update can be quite long, especially because the Ubuntu repository is pretty big (~200MB), needs to be entirely cloned and has a poor bandwidth.
Edit: The fact that the python process is finished doesn't mean that the update is finished. It still needs to parse the Ubuntu vulnerabilities and then insert everything in the database.
from clair.
@Quentin-M all right. I will keep an eye on it and wait until it's done. Some more information will be nice though just to keep the impatient user (like me) in the loop.
from clair.