This repository is used to scan Flair docker images for vulnerabilities.
Startup
Scanning a Flair docker image is a two-step process: start the scanner first, then run the scan.
Start the scanner
First, start the database, Clair (the scanner) and a local docker registry by running
./start.sh
Wait at least 30 minutes after startup for Clair to import vulnerability data into its local PostgreSQL database; otherwise the scan will not find any vulnerabilities.
Do the scan
Then run the scan. First edit the file scan/klarrunner/.env:
APPNAME=flair-engine
APPVER=latest
where APPNAME is the Flair docker image name and APPVER is the image version (tag) you would like to scan (latest by default).
After that, run
./scan.sh
You should see the high and critical vulnerability scan results on the screen.
The scan.sh script builds the klar docker image from the scan/klarrunner folder; klar is the client that performs the actual scan against Clair. It then pulls the image you requested into the local docker repository and starts the scan.
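The whole procedure above (start the scanner, wait for Clair, write the .env, run the scan) as one wrapper script. This is an added example, not one of this repository's scripts; it assumes the layout the README describes (./start.sh, ./scan.sh, scan/klarrunner/.env) and that Clair's v1 API is reachable at http://localhost:6060 (the Clair v2 default), which the README does not state.

```shell
#!/bin/sh
# Added wrapper, not one of this repository's scripts.
# Assumptions (not in the README): Clair's API listens on http://localhost:6060
# (the Clair v2 default) and the layout is ./start.sh, ./scan.sh, scan/klarrunner/.env.
set -eu

CLAIR_API="${CLAIR_API:-http://localhost:6060}"
ENV_FILE="${ENV_FILE:-scan/klarrunner/.env}"

# Simplified image-name / tag check (lowercase repository path, docker tag rules),
# so a typo fails here rather than as an obscure pull error inside the klar container.
validate_image() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]+([._/-][a-z0-9]+)*$' || return 1
  printf '%s\n' "$2" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$' || return 1
}

# Write APPNAME/APPVER in the format scan/klarrunner/.env uses.
write_env() {
  validate_image "$1" "$2" || return 1
  printf 'APPNAME=%s\nAPPVER=%s\n' "$1" "$2" > "$3"
}

# Poll Clair instead of sleeping a fixed 30 minutes: on a fresh database the
# namespace list is empty and fills once the updater has imported feeds.
wait_for_clair() {
  timeout="${1:-3600}"
  elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    if curl -fsS "$CLAIR_API/v1/namespaces" 2>/dev/null | grep -q '"Name"'; then
      return 0
    fi
    sleep 30
    elapsed=$((elapsed + 30))
  done
  return 1
}

main() {
  ./start.sh
  wait_for_clair 3600 || { echo "Clair has not imported vulnerability data yet" >&2; exit 1; }
  write_env "$1" "${2:-latest}" "$ENV_FILE"
  ./scan.sh
}

if [ "$#" -ge 1 ]; then
  main "$@"
else
  echo "usage: $0 APPNAME [APPVER]" >&2
fi
```

Run it as `./scan_flair.sh flair-engine latest` from the repository root; it exits non-zero instead of scanning against an empty vulnerability database.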
Troubleshooting
If anything goes wrong, run the following commands to tear down the scanner and the klar runner, then try again.
docker-compose -f docker/scanner-docker-compose.yml down
docker-compose -f scan/klarrunner-docker-compose.yml down