Clairctl analyze won't give the same result between registry and local #138
Description
Hi,
I have a local registry with clair , clairctl and postgres db in different docker. When I run the claircrl analyze on a local image i got more vulnerabilities than on the same image in repo. Here is the log for both, my docker-compose file and configs.
Log for image local:
docker exec docker_registry_prod_clairctl_1 clairctl analyze test --log-level debug -l
2019-05-17 15:31:31.747573 D | config: Using config file: /home/clairctl/clairctl.yml
2019-05-17 15:31:31.748034 D | dockercli: docker image to save: test:latest
2019-05-17 15:31:31.748043 D | dockercli: saving in: /tmp/clairctl/test/blobs
2019-05-17 15:31:39.725094 I | config: retrieving interface for local IP
2019-05-17 15:31:39.725106 D | config: interface provided, looking for eth0
2019-05-17 15:31:39.725663 D | server: Update local server port from "0" to "45653"
2019-05-17 15:31:39.725671 I | server: Starting Server on 192.168.208.6:45653
2019-05-17 15:31:39.730710 I | config: retrieving interface for local IP
2019-05-17 15:31:39.730721 D | config: interface provided, looking for eth0
2019-05-17 15:31:39.730955 I | clair: using http://192.168.208.6:45653/local as local url
2019-05-17 15:31:39.730963 I | clair: Pushing Layer 1/14 [07a0e96b8ff4]
2019-05-17 15:31:39.731031 D | clair: Saving 07a0e96b8ff484484c8945c750d6fd9c7c1a9a537fbc038850f0f06381974d4c[https:///v2]
2019-05-17 15:31:39.770268 I | clair: Pushing Layer 2/14 [20956cf15560]
2019-05-17 15:31:39.770362 D | clair: Saving 20956cf15560e1d59cb3ba181964072da4a066bd5450bcddac9bba0d79df0fa4[https:///v2]
2019-05-17 15:31:39.808798 I | clair: Pushing Layer 3/14 [bc1ddeffdc55]
2019-05-17 15:31:39.808904 D | clair: Saving bc1ddeffdc55dc4bebfc84502d7920a3fcea0d4d2c345669cbdc0fa2fb2e535a[https:///v2]
2019-05-17 15:31:39.851996 I | clair: Pushing Layer 4/14 [b4fe90d64612]
2019-05-17 15:31:39.852216 D | clair: Saving b4fe90d64612fe1e1009aa75718a21c80719ad925802f6864f25557aa3f4f2a2[https:///v2]
2019-05-17 15:31:39.923668 I | clair: Pushing Layer 5/14 [0584afe9458a]
2019-05-17 15:31:39.923909 D | clair: Saving 0584afe9458ae5129670d248dd71bef10f3748bbb39245c0d450e4ae0264edaf[https:///v2]
2019-05-17 15:31:39.967361 I | clair: Pushing Layer 6/14 [34b05d50f061]
2019-05-17 15:31:39.967708 D | clair: Saving 34b05d50f061fd234a564ebc39685af9d8f60383152e04079c1e4796f27ed9ff[https:///v2]
2019-05-17 15:31:40.013976 I | clair: Pushing Layer 7/14 [b6e95803f5ea]
2019-05-17 15:31:40.014134 D | clair: Saving b6e95803f5eae568a373eea931162812f3f63cf43ef542c327524b3a3b7460d9[https:///v2]
2019-05-17 15:31:40.057678 I | clair: Pushing Layer 8/14 [a55fbc0fdffd]
2019-05-17 15:31:40.057910 D | clair: Saving a55fbc0fdffd58a11ddcf2ee9de89c41f12b70d04e94d8ce138caf73519d08ce[https:///v2]
2019-05-17 15:31:40.103279 I | clair: Pushing Layer 9/14 [1a0a596c1b2b]
2019-05-17 15:31:40.103475 D | clair: Saving 1a0a596c1b2b4eb2d091965b196743f7b990bd2f26a0a3fc99683e02ed5d7411[https:///v2]
2019-05-17 15:31:40.146810 I | clair: Pushing Layer 10/14 [bf5aaa275102]
2019-05-17 15:31:40.147016 D | clair: Saving bf5aaa275102710cc795c5835018154f9f479dfa835808df5a652b52fd58fdfd[https:///v2]
2019-05-17 15:31:40.189045 I | clair: Pushing Layer 11/14 [414f3cff2e7e]
2019-05-17 15:31:40.189303 D | clair: Saving 414f3cff2e7ec8bcb86d0067f34431f5325c110a8e3ba3dca83baa3528636abc[https:///v2]
2019-05-17 15:31:40.232041 I | clair: Pushing Layer 12/14 [68abc9220be9]
2019-05-17 15:31:40.232262 D | clair: Saving 68abc9220be947a6dc9d8956bc450f6262b07da53df8a6e981755d0278f72b11[https:///v2]
2019-05-17 15:31:40.274018 I | clair: Pushing Layer 13/14 [62902b06202f]
2019-05-17 15:31:40.274276 D | clair: Saving 62902b06202f7bd0a591231a833bea13aea8d8d61ab35bc08c11c94e86417f01[https:///v2]
2019-05-17 15:31:40.318613 I | clair: Pushing Layer 14/14 [1a53c7655577]
2019-05-17 15:31:40.318795 D | clair: Saving 1a53c7655577e35ef0cb212a2898c948d07a012a1fbae64f56eb1da8b30f089f[https:///v2]
2019-05-17 15:31:40.376130 I | config: retrieving interface for local IP
2019-05-17 15:31:40.376168 D | config: interface provided, looking for eth0
2019-05-17 15:31:40.376490 I | clair: using http://192.168.208.6:45653/local as local url
2019-05-17 15:31:40.477764 I | clair: analysing layer [1a53c7655577] 1/14
2019-05-17 15:31:40.519753 I | clair: analysing layer [62902b06202f] 2/14
2019-05-17 15:31:40.558834 I | clair: analysing layer [68abc9220be9] 3/14
2019-05-17 15:31:40.590740 I | clair: analysing layer [414f3cff2e7e] 4/14
2019-05-17 15:31:40.627307 I | clair: analysing layer [bf5aaa275102] 5/14
2019-05-17 15:31:40.659379 I | clair: analysing layer [1a0a596c1b2b] 6/14
2019-05-17 15:31:40.698563 I | clair: analysing layer [a55fbc0fdffd] 7/14
2019-05-17 15:31:40.735366 I | clair: analysing layer [b6e95803f5ea] 8/14
2019-05-17 15:31:40.771354 I | clair: analysing layer [34b05d50f061] 9/14
2019-05-17 15:31:40.800977 I | clair: analysing layer [0584afe9458a] 10/14
2019-05-17 15:31:40.817106 I | clair: analysing layer [b4fe90d64612] 11/14
2019-05-17 15:31:40.825605 I | clair: analysing layer [bc1ddeffdc55] 12/14
2019-05-17 15:31:40.834052 I | clair: analysing layer [20956cf15560] 13/14
2019-05-17 15:31:40.839942 I | clair: analysing layer [07a0e96b8ff4] 14/14
Image: /test:latest
14 layers found
➜ Analysis [1a53c7655577] found 732 vulnerabilities.
➜ Analysis [62902b06202f] found 732 vulnerabilities.
➜ Analysis [68abc9220be9] found 732 vulnerabilities.
➜ Analysis [414f3cff2e7e] found 732 vulnerabilities.
➜ Analysis [bf5aaa275102] found 732 vulnerabilities.
➜ Analysis [1a0a596c1b2b] found 732 vulnerabilities.
➜ Analysis [a55fbc0fdffd] found 732 vulnerabilities.
➜ Analysis [b6e95803f5ea] found 732 vulnerabilities.
➜ Analysis [34b05d50f061] found 732 vulnerabilities.
➜ Analysis [0584afe9458a] found 732 vulnerabilities.
➜ Analysis [b4fe90d64612] found 160 vulnerabilities.
➜ Analysis [bc1ddeffdc55] found 131 vulnerabilities.
➜ Analysis [20956cf15560] found 124 vulnerabilities.
➜ Analysis [07a0e96b8ff4] found 81 vulnerabilities.
Log for same repo image
docker exec docker_registry_prod_clairctl_1 clairctl analyze registry:5000/test --log-level debug
2019-05-17 15:31:46.663250 D | config: Using config file: /home/clairctl/clairctl.yml
2019-05-17 15:31:46.663408 D | dockerdist: Downloading manifest for registry:5000/test
2019-05-17 15:31:46.663487 D | dockerdist: Retrieving repository client
2019-05-17 15:31:46.709859 D | dockerdist: endpoint.TLSConfig.InsecureSkipVerify: true
2019-05-17 15:31:46.913353 D | dockerdist: manifest type: *schema1.SignedManifest
2019-05-17 15:31:46.948478 I | config: retrieving interface for local IP
2019-05-17 15:31:46.948497 D | config: interface provided, looking for eth0
2019-05-17 15:31:46.948677 I | clair: Pushing Layer 1/20 [sha256:a3ed9]
2019-05-17 15:31:46.948749 D | clair: Saving sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4[http://registry:5000/v2]
2019-05-17 15:31:46.948812 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:46.948827 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
2019-05-17 15:31:47.040631 I | clair: Pushing Layer 2/20 [sha256:a3ed9]
2019-05-17 15:31:47.040794 D | clair: Saving sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4[http://registry:5000/v2]
2019-05-17 15:31:47.040946 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.041018 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
2019-05-17 15:31:47.130683 I | clair: Pushing Layer 3/20 [sha256:5cc73]
2019-05-17 15:31:47.130877 D | clair: Saving sha256:5cc73a8b4a16e461ff55e143e9de07c9eb5e828bde7d0ec3a4a83924aeb52def[http://registry:5000/v2]
2019-05-17 15:31:47.131025 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.131066 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:5cc73a8b4a16e461ff55e143e9de07c9eb5e828bde7d0ec3a4a83924aeb52def
2019-05-17 15:31:47.230299 I | clair: Pushing Layer 4/20 [sha256:9df9b]
2019-05-17 15:31:47.230491 D | clair: Saving sha256:9df9be12625d6590af52b647fa650df0f090a628f6194e25ad0728325515c4e5[http://registry:5000/v2]
2019-05-17 15:31:47.230668 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.230706 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:9df9be12625d6590af52b647fa650df0f090a628f6194e25ad0728325515c4e5
2019-05-17 15:31:47.319725 I | clair: Pushing Layer 5/20 [sha256:ee76f]
2019-05-17 15:31:47.319947 D | clair: Saving sha256:ee76f69cc6a1fb14962f32896398c1117a4963ac17d1bc07cf02482a4ef70be5[http://registry:5000/v2]
2019-05-17 15:31:47.320159 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.320197 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:ee76f69cc6a1fb14962f32896398c1117a4963ac17d1bc07cf02482a4ef70be5
2019-05-17 15:31:47.412483 I | clair: Pushing Layer 6/20 [sha256:33d9c]
2019-05-17 15:31:47.412677 D | clair: Saving sha256:33d9c9be0dfab0496fc769fe211b0df47e4a3cf3ceb4655e0104fdb8d0e6e2ae[http://registry:5000/v2]
2019-05-17 15:31:47.412824 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.412861 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:33d9c9be0dfab0496fc769fe211b0df47e4a3cf3ceb4655e0104fdb8d0e6e2ae
2019-05-17 15:31:47.502580 I | clair: Pushing Layer 7/20 [sha256:6f199]
2019-05-17 15:31:47.502773 D | clair: Saving sha256:6f199524c7fb7226fd56a7f6c393727d08fa5556ebf948451bc57e41e296a893[http://registry:5000/v2]
2019-05-17 15:31:47.502941 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.502972 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:6f199524c7fb7226fd56a7f6c393727d08fa5556ebf948451bc57e41e296a893
2019-05-17 15:31:47.655125 I | clair: Pushing Layer 8/20 [sha256:a3ed9]
2019-05-17 15:31:47.655200 D | clair: Saving sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4[http://registry:5000/v2]
2019-05-17 15:31:47.655255 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.655266 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
2019-05-17 15:31:47.733570 I | clair: Pushing Layer 9/20 [sha256:e7562]
2019-05-17 15:31:47.733636 D | clair: Saving sha256:e75626001634887e74e2566731780cf74151e502d62600726c641590cd4e9774[http://registry:5000/v2]
2019-05-17 15:31:47.733685 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.733699 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:e75626001634887e74e2566731780cf74151e502d62600726c641590cd4e9774
2019-05-17 15:31:47.812746 I | clair: Pushing Layer 10/20 [sha256:a3ed9]
2019-05-17 15:31:47.812850 D | clair: Saving sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4[http://registry:5000/v2]
2019-05-17 15:31:47.812925 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.812937 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
2019-05-17 15:31:47.900343 I | clair: Pushing Layer 11/20 [sha256:1a3dc]
2019-05-17 15:31:47.900523 D | clair: Saving sha256:1a3dc26a871c1cd5c21e0ab3e6cc9af7dc18c613b6d78b9e7499e1d3df921bf9[http://registry:5000/v2]
2019-05-17 15:31:47.900667 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.900705 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:1a3dc26a871c1cd5c21e0ab3e6cc9af7dc18c613b6d78b9e7499e1d3df921bf9
2019-05-17 15:31:47.992544 I | clair: Pushing Layer 12/20 [sha256:a3ed9]
2019-05-17 15:31:47.992695 D | clair: Saving sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4[http://registry:5000/v2]
2019-05-17 15:31:47.992826 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:47.992860 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
2019-05-17 15:31:48.087313 I | clair: Pushing Layer 13/20 [sha256:983ea]
2019-05-17 15:31:48.087492 D | clair: Saving sha256:983ea4fdf0c23309cb77bc0231a6f797b44adbbc4d25e6b0b3b7f007e3aa6710[http://registry:5000/v2]
2019-05-17 15:31:48.087640 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:48.087672 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:983ea4fdf0c23309cb77bc0231a6f797b44adbbc4d25e6b0b3b7f007e3aa6710
2019-05-17 15:31:48.175583 I | clair: Pushing Layer 14/20 [sha256:89669]
2019-05-17 15:31:48.175757 D | clair: Saving sha256:89669bc2deb2e52ba42349c17168b131be9016eb9c6ef03cd98218fcd4b7a60e[http://registry:5000/v2]
2019-05-17 15:31:48.175902 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:48.175936 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:89669bc2deb2e52ba42349c17168b131be9016eb9c6ef03cd98218fcd4b7a60e
2019-05-17 15:31:48.267260 I | clair: Pushing Layer 15/20 [sha256:0c1db]
2019-05-17 15:31:48.267423 D | clair: Saving sha256:0c1db95989906f161007d8ef2a6ef6e0ec64bc15bf2c993fd002edbdfc7aa7df[http://registry:5000/v2]
2019-05-17 15:31:48.267628 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:48.267659 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:0c1db95989906f161007d8ef2a6ef6e0ec64bc15bf2c993fd002edbdfc7aa7df
2019-05-17 15:31:52.698302 I | clair: adding layer 15/20 [sha256:0c1db]: layer cannot be analyzed
2019-05-17 15:31:52.698319 I | clair: Pushing Layer 16/20 [sha256:5d716]
2019-05-17 15:31:52.698381 D | clair: Saving sha256:5d71636fb824265e30ff34bf20737c9cdc4f5af28b6bce86f08215c55b89bfab[http://registry:5000/v2]
2019-05-17 15:31:52.698421 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:52.698431 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:5d71636fb824265e30ff34bf20737c9cdc4f5af28b6bce86f08215c55b89bfab
2019-05-17 15:31:54.003755 I | clair: adding layer 16/20 [sha256:5d716]: layer cannot be analyzed
2019-05-17 15:31:54.003772 I | clair: Pushing Layer 17/20 [sha256:087a5]
2019-05-17 15:31:54.003837 D | clair: Saving sha256:087a57faf9491b1b82a83e26bc8cc90c90c30e4a4d858b57ddd5b4c2c90095f6[http://registry:5000/v2]
2019-05-17 15:31:54.003875 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:54.003883 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:087a57faf9491b1b82a83e26bc8cc90c90c30e4a4d858b57ddd5b4c2c90095f6
2019-05-17 15:31:54.173160 I | clair: adding layer 17/20 [sha256:087a5]: layer cannot be analyzed
2019-05-17 15:31:54.173176 I | clair: Pushing Layer 18/20 [sha256:d6341]
2019-05-17 15:31:54.173229 D | clair: Saving sha256:d6341e30912f12f56e18564a3b582853f65376766f5f9d641a68a724ed6db88f[http://registry:5000/v2]
2019-05-17 15:31:54.173283 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:54.173294 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:d6341e30912f12f56e18564a3b582853f65376766f5f9d641a68a724ed6db88f
2019-05-17 15:31:54.483640 I | clair: adding layer 18/20 [sha256:d6341]: layer cannot be analyzed
2019-05-17 15:31:54.483677 I | clair: Pushing Layer 19/20 [sha256:a3ed9]
2019-05-17 15:31:54.483732 D | clair: Saving sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4[http://registry:5000/v2]
2019-05-17 15:31:54.483777 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:54.483788 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
2019-05-17 15:31:54.577537 I | clair: Pushing Layer 20/20 [sha256:54f7e]
2019-05-17 15:31:54.577709 D | clair: Saving sha256:54f7e8ac135a5f502a6ee9537ef3d64b1cd2fa570dc0a40b4d3b6f7ac81e7486[http://registry:5000/v2]
2019-05-17 15:31:54.577864 D | clair: auth.insecureSkipVerify: true
2019-05-17 15:31:54.577898 D | clair: request.URL.String(): http://registry:5000/v2/test/blobs/sha256:54f7e8ac135a5f502a6ee9537ef3d64b1cd2fa570dc0a40b4d3b6f7ac81e7486
2019-05-17 15:31:54.666365 I | config: retrieving interface for local IP
2019-05-17 15:31:54.666410 D | config: interface provided, looking for eth0
2019-05-17 15:31:54.719192 I | clair: analysing layer [sha256:54f7e] 1/20
2019-05-17 15:31:54.722862 I | clair: analysing layer [sha256:a3ed9] 2/20
2019-05-17 15:31:54.726873 E | clair: analysing layer [sha256:d6341] 3/20: receiving http error: 404
2019-05-17 15:31:54.732323 E | clair: analysing layer [sha256:087a5] 4/20: receiving http error: 404
2019-05-17 15:31:54.735290 E | clair: analysing layer [sha256:5d716] 5/20: receiving http error: 404
2019-05-17 15:31:54.736206 E | clair: analysing layer [sha256:0c1db] 6/20: receiving http error: 404
2019-05-17 15:31:54.738208 I | clair: analysing layer [sha256:89669] 7/20
2019-05-17 15:31:54.740202 I | clair: analysing layer [sha256:983ea] 8/20
2019-05-17 15:31:54.742232 I | clair: analysing layer [sha256:a3ed9] 9/20
2019-05-17 15:31:54.744087 I | clair: analysing layer [sha256:1a3dc] 10/20
2019-05-17 15:31:54.747119 I | clair: analysing layer [sha256:a3ed9] 11/20
2019-05-17 15:31:54.749111 I | clair: analysing layer [sha256:e7562] 12/20
2019-05-17 15:31:54.751003 I | clair: analysing layer [sha256:a3ed9] 13/20
2019-05-17 15:31:54.757755 I | clair: analysing layer [sha256:6f199] 14/20
2019-05-17 15:31:54.760499 I | clair: analysing layer [sha256:33d9c] 15/20
2019-05-17 15:31:54.762784 I | clair: analysing layer [sha256:ee76f] 16/20
2019-05-17 15:31:54.764951 I | clair: analysing layer [sha256:9df9b] 17/20
2019-05-17 15:31:54.766842 I | clair: analysing layer [sha256:5cc73] 18/20
2019-05-17 15:31:54.768651 I | clair: analysing layer [sha256:a3ed9] 19/20
2019-05-17 15:31:54.770274 I | clair: analysing layer [sha256:a3ed9] 20/20
Image: registry:5000/registry:5000/test:latest
16 layers found
➜ Analysis [sha256:54f7e] found 81 vulnerabilities.
➜ Analysis [sha256:a3ed9] found 0 vulnerabilities.
➜ Analysis [sha256:89669] found 0 vulnerabilities.
➜ Analysis [sha256:983ea] found 0 vulnerabilities.
➜ Analysis [sha256:a3ed9] found 0 vulnerabilities.
➜ Analysis [sha256:1a3dc] found 0 vulnerabilities.
➜ Analysis [sha256:a3ed9] found 0 vulnerabilities.
➜ Analysis [sha256:e7562] found 0 vulnerabilities.
➜ Analysis [sha256:a3ed9] found 0 vulnerabilities.
➜ Analysis [sha256:6f199] found 0 vulnerabilities.
➜ Analysis [sha256:33d9c] found 0 vulnerabilities.
➜ Analysis [sha256:ee76f] found 0 vulnerabilities.
➜ Analysis [sha256:9df9b] found 0 vulnerabilities.
➜ Analysis [sha256:5cc73] found 0 vulnerabilities.
➜ Analysis [sha256:a3ed9] found 0 vulnerabilities.
➜ Analysis [sha256:a3ed9] found 0 vulnerabilities.
Here is my docker-compose file:
version: '2.1'
volumes:
registryVolume: {}
services:
postgres:
image: postgres:9.6
restart: unless-stopped
volumes:
- ./docker-compose-data/postgres-data/:/var/lib/postgresql/data:rw
ports:
- "5432:5432"
environment:
- POSTGRES_PASSWORD=PWD
- POSTGRES_USER=clair
- POSTGRES_DB=clair
clair:
image: quay.io/coreos/clair:latest
restart: unless-stopped
user : "root:979"
ports:
- "6060:6060"
volumes:
- ./docker-compose-data/clair-config/:/config/:ro
- ./docker-compose-data/clair-tmp/:/tmp/:rw
- ./docker-compose-data/deamon_config/:/etc/docker/:rw
depends_on:
postgres:
condition: service_started
command: [--log-level=debug, --config, /config/config.yml]
clairctl:
image: jgsqware/clairctl:latest
user : "root:979"
restart: unless-stopped
environment:
- DOCKER_API_VERSION=1.24
- API_URL=clair:6060
volumes:
- ./docker-compose-data/clairctl-reports/:/reports/:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./docker-compose-data/deamon_config/:/etc/docker/:rw
- ./docker-compose-data/clairctl-config/:/home/clairctl/:ro
depends_on:
clair:
condition: service_started
frontend:
image: konradkleine/docker-registry-frontend:v2
ports:
- "8080:80"
environment:
- ENV_DOCKER_REGISTRY_HOST=registry
- ENV_DOCKER_REGISTRY_PORT=5000
- ENV_MODE_BROWSE_ONLY=false
registry:
restart: always
image: registry:2.2.0
volumes:
- registryVolume:/var/lib/registry
ports:
- "5000:5000"`
Config for clair file
clair:
database:
type: pgsql
options:
source: postgresql://clair:PWD@postgres:5432/clair?sslmode=disable
cachesize: 16384
api:
port: 6060
healthport: 6061
uri: http://clair
timeout: 900s
updater:
interval: 2h
notifier:
attempts: 3
renotifyinterval: 2h
docker:
insecure-registries:
- "registry:5000"
Config for clairctl
clairctl:
interface: eth0
clair:
port: 6060
healthPort: 6061
request:
host: HOST
headers:
myHeader: header
uri: http://clair
report:
path: ./reports
format: html
docker:
insecure-registries:
- "registry:5000"
I suppose that the good report is the one from local because he is able to read all layers.
I didn't find any solution online and I also note that in the claitctl github video : https://asciinema.org/a/41461 , the user have the different result between local and repo.
thanks for your help.