clair
Vulnerability Static Analysis for Containers
APACHE-2.0 License
Bot releases are hidden (Show)
Published by ldelossa about 4 years ago
commit dcf2adb5fef0ec61746812f7930c9eb6923400e4 (HEAD -> release-2.0, tag: v2.1.6, origin/release-2.0)
Author: nycnewman [email protected]
Date: Mon Aug 3 14:17:15 2020 -0400
Remove extra go modules
Signed-off-by: nycnewman <[email protected]>
commit f209ef1618aa2a7bb4bc620b039caaab3ce977f5
Author: nycnewman [email protected]
Date: Tue Jul 28 20:11:26 2020 -0400
Fixes for V2 for alpine, rhel, nvd, and ubuntu
Signed-off-by: nycnewman <[email protected]>
Published by ldelossa about 4 years ago
commit 5fe11e67793b9508a0fe4fe8f0b6ec5bd358cdd0 (HEAD -> release-2.0, tag: v2.1.5, origin/release-2.0)
Author: Karsten W. Rohrbach [email protected]
Date: Mon Sep 28 10:20:04 2020 +0200
Use NVD 1.1 feed
NVD 1.0 feed is no longer available which seems to break classification of finding criticality.
Signed-off-by: Karsten W. Rohrbach <[email protected]>
Published by ldelossa over 4 years ago
v2.1.4 release with the following maintenance commits
commit a3b6218fb6e4c4f343d822ce1a01e2afcf2250d1
Author: Alex Samorukov [email protected]
Date: Thu May 28 01:02:12 2020 +0200
Remove reference to non-existing com.redhat.rhsa-RHEL3.xml (#988)
Signed-off-by: Oleksii Samorukov <[email protected]>
Co-authored-by: Louis DeLosSantos <[email protected]>
commit d82e9b0e20345e29178bd277a1305037af870d02
Author: aviadatsnyk [email protected]
Date: Mon May 25 17:18:37 2020 +0300
feat: support ubuntu 20.04 (#987)
Signed-off-by: Aviad Reich <[email protected]>
Published by ldelossa over 4 years ago
This release adds ubuntu support for newer releases and fixes an issue where RHEL updaters bailed to quickly.
Published by ldelossa over 4 years ago
This alpha release adds api changes, various bug fixes and a bump to CC v0.0.20.
Published by hdonnay over 4 years ago
This is an alpha of v4 cut mostly to test the release automation.
Published by ldelossa almost 5 years ago
Fix rhel updater #887
Published by ldelossa almost 5 years ago
This tag marks the organization change from coreos/clair to quay/clair and the code changes necessary to support this.
Published by ldelossa almost 5 years ago
This tag marks the organization change from coreos/clair to quay/clair and the code changes necessary to support this.
Published by ldelossa almost 5 years ago
- Replace NVD xml source with NVD JSON source
Published by jzelinskie about 5 years ago
- Added Debian Bullseye and bumped Debian version mappings (thanks @imlonghao)
Published by jzelinskie over 5 years ago
- Switched to a static TLS Cipher Suite that does not use 3DES, protecting clients from suffering from Sweet32
- Fixed debugging log lines that were being printed always
- Added exponential backoff for updater failures (thanks @reasonerjt)
Published by jzelinskie almost 6 years ago
This release includes a fix for mapping Ubuntu Cosmic to the proper namespace.
Published by jzelinskie about 6 years ago
This release includes two fixes:
- NVD has moved onto AWS. We've updated to use that more scalable
database. - HTTP requests now have a useragent to allow internal and external
networks to segment traffic. Thanks to Jean Michel MacKay (@MackJM)
Published by jzelinskie about 6 years ago
This release points Clair to Alpine Security DB to a GitHub repository because their servers were unable to handle the traffic from Clair users.
Thanks to Daniel Jiang (@reasonerjt)
Published by jzelinskie over 6 years ago
- Huge thanks to Jean Michel MacKay (@MackJM) who updated Clair to pull from Ubuntu's new git repository -- this removes the dependency on bzr, which has previously caused networking and performance problems.
- Thanks to Nick Johns (@ninjaMog) who updated Clair to use HTTPS for NVD metadata source and patched Clair to temporarily point to the new location for the archived Ubuntu bzr repository.
Published by jzelinskie over 6 years ago
This release contains two bug fixes:
- Upgrade to Go 1.10 to fix binding to "0.0.0.0" on IPv4-only systems
- Thanks to @usr42 and @hhomar
- Add Ubuntu Bionic namespace detection
- Thanks @qeqar
Published by bison over 6 years ago
This release contains two bug fixes:
- Updater: Sleep before continuing the lock loop.
- Correctly identify RHEL images.
- Thanks @joerayme!
Published by jzelinskie over 7 years ago
This release contains two bug fixes:
- Upgrade Debian release mapping to newly released Debian versions
- Thanks Renzo Toma
- Fix Ubuntu release mapping to properly strip extraneous data extracted from a layer
- Thanks Alina Radu
Published by jzelinskie over 7 years ago
This major release of Clair contains:
1 Breaking Change:
- Config Files must be updated to a new format for specifying database connections
Major Features:
- Alpine Linux support (apk format, Alpine-SecDB source)
- Oracle Linux support (Oracle Linux Security Database source)
- Introduced Version Formats for more accurate comparisons (e.g. rpm, dpkg)
- Migrated to structured logging via JSON
Minor Features:
- Various readability improvements to errors and documentation
