CoreOS wants to make container contents more visible and verifiable with the latest release of its open-source static analysis solution for finding vulnerabilities in containers. The company announced Clair 2.0 at its CoreOS Fest conference this week.
Clair was first released in November 2015 to help developers understand what was going on inside their container images. It lives at the heart of the company’s Quay Security Scanning solution, but is also used for container image scanning in other projects.
“Clair performs static analysis of container images and correlates their contents with public vulnerability databases,” Jimmy Zelinskie, software engineer at CoreOS, wrote in a post.
Clair 2.0 understands new base operating system images, identifies flaws and vulnerabilities in container images based on Alpine Linux and Oracle Linux, and improves comprehension of its supported base systems and package managers.
According to Brandon Philips, CTO of CoreOS, this release is just another step in the company’s open-source strategy. Since 2013, CoreOS has launched more than 100 open-source projects, built Container Linux, and created CNCF projects like rkt and CNI.
“Clearly we, as software engineers and administrators, are outnumbered. Open source software is the key to making this proliferation an asset, by collaborating across a diverse environment on the hardest operational problems, such as maintaining security, reliability, and portability,” Philips wrote in a post.