Push and Analyse containers with Clair
Project description
Paclair is a Python3 Cli tool to interact with Coreos’s Clair.
Features:
No need to have docker installed since Paclair interacts directly with the registries.
Compatible with all registries.
Simple to use.
Easy integration in a CI job thanks to a lightweight output mode.
Installation
To install Paclair, simply use pipenv (or pip, of course):
$ pipenv install paclair
✨🍰✨Voilà!
Configuration
Example
An example configuration file is available in the conf directory
General:
clair_url: 'https://localhost:6060'
verify: "/etc/ssl/certs/my_custom_ca.crt"
Plugins:
Docker:
class: paclair.plugins.docker_plugin.DockerPlugin
registries:
registry.gitlab.domain.com:
auth:
- "*****"
- "*****"
verify: "/etc/ssl/certs/ca-certificates.crt"
Plugins are dynamically loaded during execution. That’s why you have to specify the class of the plugins you want to use.
We have various plugins to interact with different sources (ex: docker registry, Elasticsearch) because we use a custom variant of Clair which can analyse more than Docker images.
If you want to use Paclair only to analyse docker images, don’t bother with others plugins.
Options
Config Option |
Description |
|---|---|
General::clair_url |
url of the Clair Server |
General::verify |
Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use. |
Plugins |
List of plugins to use. If you only want to analyse docker images, keep the default configuration |
Plugins::Docker::class |
Class for the docker plugin |
Plugins::Docker::registries |
You can specify configuration for registries (authentification, …) if needed |
Plugins::Docker::registries::regi stry1::auth |
login/password |
Plugins::Docker::registries::regi stry1::verify |
Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use. |
Plugins::Docker::registries::regi stry1::protocol |
Protocol to use (http or https). Default to https |
Running the tests
Launch tox.
$ toxUsage
$ paclair --help
usage: main.py [-h] [--debug] [--syslog] [--conf CONF]
plugin hosts [hosts ...] {push,analyse} ...
positional arguments:
plugin Plugin to launch
hosts Image/hostname to analyse
{push,analyse} Command to launch
push Push images/hosts to Clair
analyse Analyse images/hosts already pushed to Clair
optional arguments:
-h, --help show this help message and exit
--debug Debug mode
--syslog Log to syslog
--conf CONF Conf fileExample
Push ubuntu image to Clair
$ paclair --conf conf/conf.yml Docker ubuntu push
Pushed ubuntu to Clair.Analyse ubuntu image
$ paclair --conf conf/conf.yml Docker ubuntu analyse --statistics
Medium: 3You can have the full json if you don’t specify –statistics
Contributing
Feel free to contribute.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file paclair-1.0.1.tar.gz.
File metadata
- Download URL: paclair-1.0.1.tar.gz
- Upload date:
- Size: 18.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6e6c183417307d28e10ccbe28d08a2eba0bea643821f23a6781131d4aa5bd3d2 |
|
| MD5 | 0c866ce4406754ad6789cfb76adc1d43 |
|
| BLAKE2b-256 | 6f540512c26db4c63561a15f56793c8b0517bfece8f89782bac88d465b9e3ee2 |
File details
Details for the file paclair-1.0.1-py3-none-any.whl.
File metadata
- Download URL: paclair-1.0.1-py3-none-any.whl
- Upload date:
- Size: 22.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 554a4039c182300647ddff82d088cd3e46548c7851300d955579414de8bc66a3 |
|
| MD5 | 54bb45ff36f9cf0ff066f560cd86ca99 |
|
| BLAKE2b-256 | 595f48b56c1fbc1082459c02bb49fc3cb8119682ff2040cd7924d8a965ef0d8a |
