Clair

Clair performs static analysis of vulnerabilities in application containers, including OCI and Docker images. Teams can index container images and match them against known vulnerabilities before they reach production.

Clients submit images through the Clair API to index them and check for matching vulnerabilities. The goal is a more transparent view of the security of container-based infrastructure, with stable binaries provided through tagged releases.

Clair runs as a self-hosted service under the Apache 2.0 license. It fits into container security workflows and analyzes images on demand, giving teams an automated way to spot known CVEs in the layers they ship.