Clair

PreviousVulnerability Scanning NextTrivy

Last updated 9 hours ago

Was this helpful?

Clair

Prerequisite

For OSS users: Please ensure that integration is installed.

For Enterprise Users: Build and Deploy (CI/CD) integration is installed by default.

Clair integration enables you to scan the vulnerabilities of the images during the time of image build only.

While building the container images, it is important to know how secure the application is, before it is deployed. In the application's source code, third party and outdated libraries might be used, which can add vulnerabilities to the images we deploy. Devtron provides Clair integration for scanning vulnerabilities of the images.

Install Clair Integration

For Enterprise Users

To enable Clair integration for Devtron Enterprise (managed by Devtron), contact your Devtron representative.

In case you are self-managing the Devtron Enterprise, refer to the steps mentioned in [For OSS and Self-Managed Devtron Enterprise Users] (#for-oss-and-self-managed-devtron-enterprise-users) to enable Clair integration.

For OSS Users

To install Clair integration, follow the steps:

On the Devtron Stack Manager > Discover page, click the Vulnerability Scanning (Clair).
On the Discover Integrations/Vulnerability Scanning (Clair) page, click Install.

Note: In case, Trivy is already installed, you also need to enable Clair integration after installation.

The installation status may be one of the following:

Installation status

Description

Install

The integration is not yet installed.

Initializing

The installation is being initialized.

Installing

The installation is in progress. The logs are available to track the progress.

Failed

Installed

The integration is successfully installed and available on the Installed page.

Request timed out

A list of installed integrations can be viewed on the Devtron Stack Manager > Installed page.

Features:

You can enable image scanning if it is required.
You can set security policies according to your requirements.
If you set security policies to block, it blocks the deployment of the application.
Ability to define hierarchical security policy (Global / Cluster / Environment / Application) to allow / block vulnerabilities based on criticality (High / Moderate / Low).
Compares the vulnerabilities against a whitelist.
Shows security vulnerabilities detected in the deployed applications.

PreviousVulnerability Scanning NextTrivy

Last updated 9 hours ago

Was this helpful?

Prerequisite

For OSS users: Please ensure that integration is installed.

For Enterprise Users: Build and Deploy (CI/CD) integration is installed by default.

Clair integration enables you to scan the vulnerabilities of the images during the time of image build only.

Install Clair Integration

For Enterprise Users

To enable Clair integration for Devtron Enterprise (managed by Devtron), contact your Devtron representative.

For OSS Users

To install Clair integration, follow the steps:

On the Devtron Stack Manager > Discover page, click the Vulnerability Scanning (Clair).
On the Discover Integrations/Vulnerability Scanning (Clair) page, click Install.

Note: In case, Trivy is already installed, you also need to enable Clair integration after installation.

The installation status may be one of the following:

Installation status

Description

Install

The integration is not yet installed.

Initializing

The installation is being initialized.

Installing

The installation is in progress. The logs are available to track the progress.

Failed

Installation failed, and the logs are available to troubleshoot. You can retry the installation or .

Installed

The integration is successfully installed and available on the Installed page.

Request timed out

The request to install has hit the maximum number of retries. You may retry the installation or for further assistance.

A list of installed integrations can be viewed on the Devtron Stack Manager > Installed page.

To update an installed integration, please .

Features:

You can enable image scanning if it is required.
You can set security policies according to your requirements.
If you set security policies to block, it blocks the deployment of the application.
Ability to define hierarchical security policy (Global / Cluster / Environment / Application) to allow / block vulnerabilities based on criticality (High / Moderate / Low).
Compares the vulnerabilities against a whitelist.
Shows security vulnerabilities detected in the deployed applications.