DEPRECATED [mv to https://github.com/jgsqware/clairctl] -> A CLI for using Clair with Registry
Home Page: https://github.com/jgsqware/clairctl
License: MIT License
DEPRECATED [mv to https://github.com/jgsqware/clairctl] -> A CLI for using Clair with Registry
Currently is only possible to authenticate to repositories with one user.
Should be great to have multiples authentication users in the configuration file
sbehrens@lgml-sbehrens3 ~/work/bin$ ./hyperclair pull myspecial.registry.net:7002/skynet_test:latest 1 ↵
service is unavailable
FATA[0000] pulling image myspecial.registry:7002/skynet_test:latest: 400 - <html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
</body>
</html>
Seems to not be using TLS by default. do not see a configuration example or config setting for this.
hello,
thanks for providing this tool. This is exactly what we are looking for.
I run into an issue while running docker-compose up -d after appending the config content in READE to docker-compose.yml.
My current docker-compose.yml is
version: '2'
services:
postgres:
container_name: clair_postgres
image: postgres:latest
environment:
POSTGRES_PASSWORD: password
clair:
container_name: clair_clair
image: quay.io/coreos/clair
depends_on:
- postgres
ports:
- "6060-6061:6060-6061"
links:
- postgres
volumes:
- /tmp:/tmp
- ./clair_config:/config
command: [-config, /config/config.yaml]
auth:
user: jgsqware
password: jgsqware
insecureSkipVerify: true
hyperclair:
uri: http://hyperclair
port: 9999when I run docker-compose up -d, I see the following errors:
Unsupported config option for services.auth: 'password'
Unsupported config option for services.hyperclair: 'uri'
Could you let me know what shall do to resolve these issues?
Thanks,
Remove all dependencies that can be use inline instead.
Tools like https://github.com/divan/depscheck could be useful.
Goal is to reduce risk of dependency problem and reduce size of hyperclair binary
14:12:23 ! ~/clair_config $ hyperclair pull ZZROTDesign/alpine-ghost
client quit unexpectedly
FATA[0000] retrieving user: user: Current not implemented on darwin/amd64
Am I missing a setup step or does it not work on OSX?
@npirotte: Voici le JSON https://gist.github.com/jgsqware/694e9b92dcdaddb88adf
L'idée est de créer un rapport un peu joli.
Pour le moment j'ai çà:
J'aimerai avoir quelque chose de plus sympa. J'aime beaucoup l'interface de Nautilus de Docker
Un truc dans le genre avec des couleurs pour les vulnérabilités c'est assez cool!
On peut en discuter ici
<div class="features">
<ul>
</ul>
</div>
The whole feature section is empty. The json report is correct
Receiving 'pull from clair is unauthorised' for each layer
Hi my setup is:
clair v1.2.6 running in container on remote host with 6060:6060 published
hyperclair 0.5.2 installed on my machine with the config:
clair:
port: 6060
uri: http://clair.myserver
priority: Low
hyperclair:
ip: 192.168.X.X
I build an image e.g. ely/baseimage using local docker engine.
I then push to clair
hyperclair --log-level Debug --local --config .hyperclair.yml push ely/baseimage
DEBU[0000] Using config file: .hyperclair.yml
DEBU[0000] using 192.168.2.31:0 as local ip
DEBU[0000] Update local server port from "0" to "36419"
INFO[0000] Starting Server on 192.168.2.31:36419
DEBU[0000] preparing ely/baseimage:latest
DEBU[0000] docker image to save: ely/baseimage:latest
DEBU[0000] saving in: /tmp/hyperclair/ely/baseimage/blobs
INFO[0012] Getting image's history
DEBU[0013] prepared image layers: 4
INFO[0013] Pushing Image
DEBU[0013] using 192.168.2.31:36419 as local ip
INFO[0013] using http://192.168.2.31:36419/local as local url
INFO[0013] Pushing Layer 1/4 [86b2a981852b]
DEBU[0013] Saving 86b2a981852b216252b88a7734030495b7fa07936d63f6cf3e572faa4969b442[https://registry-1.docker.io/v2]
INFO[0013] Pushing Layer 2/4 [e7a0dbe9e16c]
DEBU[0013] Saving e7a0dbe9e16c80d71174378d9eed019d19fb8bcc0bc6b6d57f5ae689dd44aea9[https://registry-1.docker.io/v2]
INFO[0013] Pushing Layer 3/4 [f5f6958772a9]
DEBU[0013] Saving f5f6958772a92cc42f0838d443f4009f88a9110ba4cef4b0965d0792b06dea07[https://registry-1.docker.io/v2]
INFO[0013] Pushing Layer 4/4 [e1f3b934ed34]
DEBU[0013] Saving e1f3b934ed34fd366abef4c7f9692e1d08a68ac6988dcd233f6d2e8c47f3976e[https://registry-1.docker.io/v2]
DEBU[0013] cleaning temporary local repository
ely/baseimage has been pushed to Clair
Analysing using
hyperclair --log-level Debug --local --config .hyperclair.yml analyse ely/baseimage
gives me
DEBU[0000] Using config file: .hyperclair.yml
INFO[0000] analysing layer [sha256:83a7d] 1/9: 404 - {"Error":{"Message":"the resource cannot be found"}}
INFO[0000] analysing layer [<missing>] 2/9
INFO[0000] analysing layer [<missing>] 3/9
INFO[0000] analysing layer [<missing>] 4/9
INFO[0000] analysing layer [<missing>] 5/9
INFO[0000] analysing layer [<missing>] 6/9
INFO[0000] analysing layer [<missing>] 7/9
INFO[0000] analysing layer [<missing>] 8/9
INFO[0000] analysing layer [<missing>] 9/9
Image: https://registry-1.docker.io/ely/baseimage:latest
8 layers found
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
➜ Analysis [<missing>] found 19 vulnerabilities.
I know that this image doesn't actually have vulnerabilities because I have also analysed it using my registry without --local
What strikes me is the analysing layer [<missing>] .
I think that clair has somehow tagged a layer with "<missing>", and keeps returning the analysis for this layer because hyperclair somehow isn't sending the image id's.
Any help ?
J'aimerai pour ce projet envisager CircleCI, mais pourquoi pas Drone.IO, des idées, des envies?
I am trying to login to hyperclair as follows:
With https I am seeing following output
hyperclair login https://<account>.dkr.ecr.us-west-2.amazonaws.com
Username: AWS Password: client quit unexpectedly FATA[0016] log in: log in http://https://<account>.dkr.ecr.us-west-2.amazonaws.com/v2: Get http://https://<account>.dkr.ecr.us-west-2.amazonaws.com/v2: dial tcp: unknown port tcp/
Without https it wait for longer period, looks like it is trying to communicate at port 80 which is not allowed in case of ecr.
hyperclair login <account>.dkr.ecr.us-west-2.amazonaws.com
Planned to use https://github.com/Sirupsen/logrus as logger
golang & cadvisor result in 'no layer found'
Hi,
We've recently unveiled an official Clair logo as part of the Clair 1.0 release. Would you mind updating the logo in your diagram with the released version?
Here is a link to a rasterization of the horizontal logo intended for use on a white background:
https://github.com/coreos/clair/blob/master/img/Clair_horizontal_color.png
Please let me know if you would prefer a stacked or vector version instead.
Thanks!
Regarding the 2.3 version, Probably need to update the manifest parsing for Registry 2.3
https://github.com/docker/distribution/releases/tag/v2.3.0
When running private docker registries, basic authentication is enabled quite a lot of the time. Currently only Bearer authentication is supported.
If no configuration file passed as parameters, no configuration file in the current folder or no configuration file in the hyperclair configuration folder, default configuration should be used
Hi,
Im trying to get clair/hyperclair working for my docker trusted registry with ssl enabled. I can login and pull images via hyperclair to the registry, but not push to clair:
./hyperclair-linux-amd64 pull dxxxxxxxxxxxxxxxxx/v2/xxxx/tools-xxxxx:1.0.1
Image: https://dxxxxxxxxxxxxxxxxx/v2/xxxx/tools-xxxxx:1.0.1
8 layers found
➜ sha256:7af61bd827110a81260ec127fe18a285f5c2b81ecff1193c99e75e4c4ddaeeb8
➜ sha256:49450d74f78203be950a7d8b6c8eec62b8a5852ea745c111c11409c64160c4a0
➜ sha256:3cecefdee658faed37324c640e5372502e0b740d1a147ebe9fe668960ba02d43
➜ sha256:d5bd2b88ef7ed138b5649ac86802a3592243eabf203e0d0a11bc835dc4c87a44
➜ sha256:5e9546c8f903e29b1d28d44d5dd558af02d8eadfae9a76e7c77a97fa51f11358
➜ sha256:75c879e7f7e54022c1f95735a93f67cb9bcc83fb80fa457ba1ff79e8046dfa85
➜ sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
➜ sha256:0653bff3c5cf23727e0ebceae7a28f7534ab64ed13966e080e4c9b035176c401
./hyperclair-linux-amd64 push dxxxxxxxxxxxxxxxxx/v2/xxxx/tools-xxxxx:1.0.1
2016-10-07 16:01:30.729731 I | http: proxy error: x509: certificate signed by unknown authority
client quit unexpectedly
FATA[0000] pushing image "dxxxxxxxxxxxxxxxxx/v2/xxxx/tools-xxxxx:1.0.1": 400 - {"Error":{"Message":"could not find layer"}}
Clair logs:
2016-10-07 05:01:30.730181 W | detectors: could not download layer: got status code 500, expected 2XX
2016-10-07 05:01:30.731005 E | worker: layer sha256:7af61bd827110a81260ec127fe18a285f5c2b81ecff1193c99e75e4c4ddaeeb8: failed to extract data from http://172.17.0.1:50352/v2/xxxx/tools-xxxxx:/blo bs/sha256:7af61bd827110a81260ec127fe18a285f5c2b81ecff1193c99e75e4c4ddaeeb8: could not find layer
2016-10-07 05:01:30.732137 I | api: 172.19.0.1:60874 "POST /v1/layers" 400 (242.396269ms)
Where do I add the CA authority?
Cheers,
Allow the user to add an email to received reports
Hey Guys,
i've been investigating using hyperclair. But iam not able to use an insecure registry. I receive this error:
tls: oversized record received with length 20527
Am i able to declare a insecure registry?
Kind regards,
Trying to understand how to make hyperclair to work. I tried to analyse 7 different images but I get the same error on all of them:
$ hyperclair analyse 1234567890ab
client quit unexpectedly
FATA[0000] pulling image "1234567890ab": analysing official images is not allowed
How do I analyse the images which I pull from Docker hub to make sure there are no issues?
As a user, I would like to upload to clair a local images and get the analysis result before pushing it on a repository.
cf. https://github.com/coreos/clair/tree/master/contrib/analyze-local-images
We could use a -l | --local as parameter for hyperclair push | analysis | report
Hello,
I receive the following error when trying to push:
sbehrens@lgml-sbehrens3 ~/work/bin$ ./hyperclair pull redacted:7001/skynet_test:latest
Image: http://redacted.net:7001/v2/skynet_test:latest
39 layers found
➜ sha256:4baff6353e3ecc2c85e29985fd9534cc586669e93cf759585e68190bd111fd86
➜ sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
➜ sha256:d586e6b6577fad9bc1d5a980a7e097a9e0098827ded0ed615eb9fe94eff446a9
➜ sha256:096c8d7554f62631a19d6ffbe51e004c36e223f9ee1ed8c49922e6f2e007b12b
➜ sha256:c47783e12e36af16e899c6be8d68d9dbe06c8187d4d87b60c4638bb2178cf17a
➜ sha256:8712c0133fc9e17602936b0b02dcb61363fd5bdce37bc4ce7fe7efd435a48dcb
➜ sha256:3576b66940b94a68770ccca5800ac4d54d3a54058280bfbfc242066272f48106
➜ sha256:03451e0ab5e4743016f354885cee73867b494b26da591a07888205c840eb1698
➜ sha256:05f72ce9972a85a11b92b1ef45de6b618105c3fddb3ef51c982dc6b61dae761f
➜ sha256:90803e365747176f4fb6881d5436ff48e18cf38d43b3a3fd02cf08c47de7e151
➜ sha256:c2ac3b67cf109e71286f40475d9e502f04772c0534931ef0d6e8981494557253
➜ sha256:bc52aeb8c83de9c67591725e69a2da0b476eb6e022e501c6b539718b147d2395
➜ sha256:643d1acaf71b54f5e2493fdd909c7847f7c22b0e6df1f4bd5e8e16f528162e59
➜ sha256:c055357a9cd74493c33ce637b8953be3052308a151ceb1ae809576f19fa3bb1b
➜ sha256:c5e6dc01736b10aa5538965b3bced556b5558a04809e2634e8f6642699f8960e
➜ sha256:41f404729896a2e5eea6ce485ab9b7154088f898f9c43486a7ac150976917706
➜ sha256:6a51103b25ec6b69d76c986c154cdb060d49c8209de1377826610c1e6a9b340b
➜ sha256:00173d89d3a2371f2fee7af5e8b991294bf24fd29b3575f7807c64586bd4f4ad
➜ sha256:866087b548d3011f5cb865cf110c569d04d18befaedef8cf0cdda3f13ef95df0
➜ sha256:3621c80bc602c538bd76167cfd0030f8980776a115fcd9f77de6c3e0058bc062
➜ sha256:8b43b7efff5c3524a68773faffb0e0875f4be4319fad5834011fef1b12fbc61d
➜ sha256:84c13fcc445f1d444416f05d9f0ab87b4e604478d1c5fc7b340baa4b073452e2
➜ sha256:3743690064cddfed3e7fa0189be63e62be24642ffc1675dfb3281b57875c3813
➜ sha256:e3bcb965dfbfde53a165ad2da94f599f2792adbddfbc3e091a2d04776639ecb4
➜ sha256:de990059815ee0528724e29e3dd13564cc6c2ed79a3b767ebab3ef6d0539b908
➜ sha256:3510de8c1e984383ba899f72534bf5b272c9b84d4dcc339967438d31b9e725c9
➜ sha256:4e3a5e519a1879788cb6e065397b6471291e22bd1ad4ed289691313691d366f9
➜ sha256:3e1778f475acf5706bf59be1ec73c86b16b54aa77861120d464270dcbf5c5c87
➜ sha256:caf38e05da5f3dd650a8dca02beb3c9a22292c16b4e9ffaefb32d820ed99e1aa
➜ sha256:1e71ce260d46b838e23bca7e79c48d2f114c2e2284b55be23a50466eff10bb16
➜ sha256:5e91389571e9f636f5bfd81c82353b9ecca3067c570723872c893f9285de1077
➜ sha256:ea0409e68e90e8e45275f51e0166217cfa89ed006c3fabd19a3e92c5cbe5b8d7
➜ sha256:e7ac3b03ac31253c5462f3378171a80fed7a4c203485a6c597f01442c1bf901b
➜ sha256:6717e721e9ccbe53fe515c35fb711c9dc7a5868b64cde26af775994a91ac26be
➜ sha256:6299a4ad4591798665504a6be041457761ee81f8168aa7551b7838db99f5524c
➜ sha256:85027b8618bc8927957ff16ab81f55bb744262c35fafc15dfd3027ef34ff56df
➜ sha256:d053e073f96398914b36bfca40bf7c03e3cb3a04bc73f63565828f532390c920
➜ sha256:96e3393566c8123d7b0fd7a5412aced3d811be6256c984efac0aad4426c060f5
➜ sha256:d6eaa1681a95ade2540c08b8f70b317f3a217b23f3986c5df9790dafa2058214
sbehrens@lgml-sbehrens3 ~/work/bin$ ./hyperclair push redacted:7001/skynet_test:latest client quit unexpectedly
FATA[0000] retrieving internal server IP: retrieving docker0 interface ip: exec: "ip": executable file not found in $PATH
Any ideas?
Check if it's possible to allow user to use the ~/.docker/config.json as login file
docker.io/golang
registry:5000/google/cadvisor
Hello,
I'm trying to perform a analyse of an jgsqware image via Hyperclair but it seems that it is not working for me.
I'm new to Docker as well as CoreOS. Can anyone guide me on this?
Below are the error i got:
Thank You!!
Allow the user to log in to a docker registry with command
hyperclair login <registry>
Login information will be saved in ~/.hyperclair file, encrypted
The tool 'ip' is not available on OSX.
Check how to get docker0 ip on OSX
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.