Skip to main content

Push and Analyse containers with Clair

Project description

Paclair is a Python3 Cli tool to interact with Coreos’s Clair.


  • No need to have docker installed since Paclair interacts directly with the registries.
  • Compatible with all registries.
  • Simple to use.
  • Easy integration in a CI job thanks to a lightweight output mode.


To install Paclair, simply use pipenv (or pip, of course):

$ pipenv install paclair




An example configuration file is available in the conf directory

  clair_url: 'https://localhost:6060'
  verify: "/etc/ssl/certs/my_custom_ca.crt"
    class: paclair.plugin.docker_plugin.DockerPlugin
          - "*****"
          - "*****"
        verify: "/etc/ssl/certs/ca-certificates.crt"

Plugins are dynamically loaded during execution. That’s why you have to specify the class of the plugins you want to use.

We have various plugins to interact with different sources (ex: docker registry, Elasticsearch) because we use a custom variant of Clair which can analyse more than Docker images.

If you want to use Paclair only to analyse docker images, don’t bother with others plugins.


Config Option Description
General::clair_url url of the Clair Server
General::verify Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use.
Plugins List of plugins to use. If you only want to analyse docker images, keep the default configuration
Plugins::Docker::class Class for the docker plugin
Plugins::Docker::registries You can specify configuration for registries (authentification, …) if needed
Plugins::Docker::registries::regi stry1::auth login/password
Plugins::Docker::registries::regi stry1::verify Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use.
Plugins::Docker::registries::regi stry1::protocol Protocol to use (http or https). Default to https

Running the tests

Launch tox.

$ tox


$ paclair --help
usage: [-h] [--debug] [--syslog] [--conf CONF]
               plugin hosts [hosts ...] {push,analyse} ...

positional arguments:
  plugin          Plugin to launch
  hosts           Image/hostname to analyse
  {push,analyse}  Command to launch
    push          Push images/hosts to Clair
    analyse       Analyse images/hosts already pushed to Clair

optional arguments:
  -h, --help      show this help message and exit
  --debug         Debug mode
  --syslog        Log to syslog
  --conf CONF     Conf file


Push ubuntu image to Clair

$ paclair --conf conf/conf.yml Docker ubuntu push
Pushed ubuntu to Clair.

Analyse ubuntu image

$ paclair --conf conf/conf.yml Docker ubuntu analyse --statistics
Medium: 3

You can have the full json if you don’t specify –statistics


Feel free to contribute.


Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for paclair, version 1.0.0
Filename, size File type Python version Upload date Hashes
Filename, size paclair-1.0.0-py3-none-any.whl (22.6 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size paclair-1.0.0.tar.gz (18.6 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page