Skip to main content

Push and Analyse containers with Clair

Project description

Paclair is a Python3 Cli tool to interact with Coreos’s Clair.

Features:

  • Now compatible with Clair V3 (delete is not available)

  • No need to have docker installed since Paclair interacts directly with the registries.

  • Compatible with all registries.

  • Simple to use.

  • Easy integration in a CI job thanks to a lightweight output mode.

Installation

To install Paclair, simply use pip (or pipenv):

$ pip install paclair
✨🍰✨

Voilà!

Configuration

Example

An example configuration file is available in the conf directory

General:
  clair_url: 'https://localhost:6060'
  verify: "/etc/ssl/certs/my_custom_ca.crt"
Plugins:
  Docker:
    class: paclair.plugins.docker_plugin.DockerPlugin
    registries:
      registry.gitlab.domain.com:
        auth:
          - "*****"
          - "*****"
        verify: "/etc/ssl/certs/ca-certificates.crt"

Plugins are dynamically loaded during execution. That’s why you have to specify the class of the plugins you want to use.

We have various plugins to interact with different sources (ex: docker registry, Elasticsearch) because we use a custom variant of Clair which can analyse more than Docker images.

If you want to use Paclair only to analyse docker images, don’t bother with others plugins.

Options

Config Option

Description

General::clair_url

url of the Clair Server.

General::verify

Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use.

General::clair_api_version

Clair Api Version. If different from 3, will be set to default. Default to 1.

General::html_template

Html template. You can use a custom html template when using html output.

Plugins

List of plugins to use. If you only want to analyse docker images, keep the default configuration.

Plugins::Docker::class

Class for the docker plugin

Plugins::Docker::registries

You can specify configuration for registries (authentification, …) if needed.

Plugins::Docker::registries::regi stry1::auth

login/password

Plugins::Docker::registries::regi stry1::verify

Either a boolean, in which case it controls whether we verify the server’s TLS certificate, or a string, in which case it must be a path to a CA bundle to use.

Plugins::Docker::registries::regi stry1::protocol

Protocol to use (http or https). Default to https.

Running the tests

Launch tox.

$ tox

Usage

usage: paclair [-h] [--debug] [--syslog] [--conf CONF]
               plugin hosts [hosts ...] {push,delete,analyse} ...

positional arguments:
  plugin                Plugin to launch
  hosts                 Image/hostname to analyse
  {push,delete,analyse}
                        Command to launch
    push                Push images/hosts to Clair
    delete              Delete images/hosts from Clair
    analyse             Analyse images/hosts already pushed to Clair

optional arguments:
  -h, --help            show this help message and exit
  --debug               Debug mode
  --syslog              Log to syslog
  --conf CONF           Conf file

Analyse command usage

usage: paclair plugin hosts [hosts ...] analyse [-h]
                                            [--output-format {stats,html}]
                                            [--output-report {file,term}]
                                            [--output-dir OUTPUT_DIR]
                                            [--delete]

optional arguments:
  -h, --help            show this help message and exit
  --output-format {stats,html}
                        Change default output format (default: json)
  --output-report {file,term}
                        Change report location (default: logger)
  --output-dir OUTPUT_DIR
                        Change output directory (default: current)
  --delete              Delete after analyse

Examples

Push ubuntu image to Clair

$ paclair --conf conf/conf.yml Docker ubuntu push
Pushed ubuntu to Clair.

Analyse ubuntu image

$ paclair --conf conf/conf.yml Docker ubuntu analyse --output-format stats
Medium: 3

You can have the full json if you don’t specify –output-format stats

Analyse ubuntu image and get a html report in directory /tmp

$ paclair --conf conf/conf.yml Docker ubuntu analyse --output-format html --output-dir /tmp

Delete ubuntu image

$ paclair --conf conf/conf.yml Docker ubuntu delete
ubuntu was deleted from Clair.

Contributing

Feel free to contribute.

Authors

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

paclair-3.0.0.tar.gz (29.4 kB view details)

Uploaded Source

Built Distribution

paclair-3.0.0-py3-none-any.whl (29.6 kB view details)

Uploaded Python 3

File details

Details for the file paclair-3.0.0.tar.gz.

File metadata

  • Download URL: paclair-3.0.0.tar.gz
  • Upload date:
  • Size: 29.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/40.2.0 requests-toolbelt/0.8.0 tqdm/4.25.0 CPython/3.6.5

File hashes

Hashes for paclair-3.0.0.tar.gz
Algorithm Hash digest
SHA256 3ffdc536b4d43574f22bbb3576f3ba5dbd1863b8fe7c44c5d9ab7f36ad7e8559
MD5 92d35debf8f2eddb1a3673c1be551143
BLAKE2b-256 b93961f9b364a2f956b0d8f796711e27f246e2b333c97e0aa050338b8870b03a

See more details on using hashes here.

File details

Details for the file paclair-3.0.0-py3-none-any.whl.

File metadata

  • Download URL: paclair-3.0.0-py3-none-any.whl
  • Upload date:
  • Size: 29.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/40.2.0 requests-toolbelt/0.8.0 tqdm/4.25.0 CPython/3.6.5

File hashes

Hashes for paclair-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a5ab55a4a44aa7d65aaa2f477a1d0ae5af89779b3db14e4c7fb1413fbc38fb25
MD5 2c9bb3d34ddf72d7389ab8bc94f1d04d
BLAKE2b-256 0ca541a1f54ac7dff91b591eb6a9122389c05b0769bd062c534c2f7c43c77f93

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page