clair:
  database:
    type: pgsql
    options:
      # A PostgreSQL Connection string pointing to the Clair Postgres database.
      # Documentation on the format can be found at: http://www.postgresql.org/docs/9.4/static/libpq-connect.html
      #source: postgresql://postgres:L36PrivxRB02bqOB9jtZtWiCcMsApOGn@postgres:5432/clairtest?sslmode=disable
      source: postgresql://postgres:L36PrivxRB02bqOB9jtZtWiCcMsApOGn@postgres:5432/clairtest?sslmode=disable
      cachesize: 16384
  api:
    # The port at which Clair will report its health status. For example, if Clair is running at
    # https://clair.mycompany.com, the health will be reported at
    # http://clair.mycompany.com:6061/health.
    healthport: 6061
    port: 6062
    timeout: 900s
    # paginationkey can be any random set of characters. *Must be the same across all Clair instances*.
    paginationkey:
  updater:
    # interval defines how often Clair will check for updates from its upstream vulnerability databases.
    interval: 6h
  notifier:
    attempts: 3
    renotifyinterval: 1h
    http:
      # QUAY_ENDPOINT defines the endpoint at which Quay is running.
      # For example: https://myregistry.mycompany.com
      endpoint: https://quay.openshift.pub/secscan/notify
      proxy: http://localhost:6063
jwtproxy:
  signer_proxy:
    enabled: true
    listen_addr: :6063
    ca_key_file: /certificates/mitm.key # Generated internally, do not change.
    ca_crt_file: /certificates/mitm.crt # Generated internally, do not change.
    signer:
      issuer: security_scanner
      expiration_time: 5m
      max_skew: 1m
      nonce_length: 32
      private_key:
        type: autogenerated
        options:
          rotate_every: 12h
          key_folder: /clair/config/
          key_server:
            type: keyregistry
            options:
              # QUAY_ENDPOINT defines the endpoint at which Quay is running.
              # For example: https://myregistry.mycompany.com
              registry: https://quay.openshift.pub/keys/
  verifier_proxies:
  - enabled: true
    # The port at which Clair will listen.
    listen_addr: :6060
    # If Clair is to be served via TLS, uncomment these lines. See the "Running Clair under TLS"
    # section below for more information.
    # key_file: /clair/config/clair.key
    # crt_file: /clair/config/clair.crt
    verifier:
      # CLAIR_ENDPOINT is the endpoint at which this Clair will be accessible. Note that the port
      # specified here must match the listen_addr port a few lines above this.
      # Example: https://myclair.mycompany.com:6060
      audience: http://clair:6060
      upstream: http://localhost:6062
      key_server:
        type: keyregistry
        options:
          # QUAY_ENDPOINT defines the endpoint at which Quay is running.
          # Example: https://myregistry.mycompany.com
          registry: https://quay.openshift.pub/keys/

jwtproxy:
  signer_proxy:
    enabled: true
    listen_addr: :6063
    ca_key_file: /certificates/mitm.key # Generated internally, do not change.
    ca_crt_file: /certificates/mitm.crt # Generated internally, do not change.
    signer:
      issuer: security_scanner
      expiration_time: 5m
      max_skew: 1m
      nonce_length: 32
      private_key:
        type: preshared
        options:
          # The ID of the service key generated for Clair. The ID is returned when setting up
          # the key in [Quay Setup](security-scanning.md)
          key_id: 9c663f02c9fa83cd0f6499b...............55a7f08593d21b776d58
          private_key_path: /clair/config/security_scanner.pem

docker exec -ti clairdb bash
psql -U postgres
SELECT * FROM pg_catalog.pg_tables where schemaname not in ( 'pg_catalog','information_schema' );
postgres=# SELECT * FROM pg_catalog.pg_tables where schemaname not in ( 'pg_catalog','information_schema' );
 schemaname |              tablename               | tableowner | tablespace | hasindexes | hasrules | hastriggers | rowsecurity
------------+--------------------------------------+------------+------------+------------+----------+-------------+-------------
 public     | schema_migrations                    | postgres   |            | t          | f        | f           | f
 public     | layer                                | postgres   |            | t          | f        | t           | f
 public     | layer_diff_featureversion            | postgres   |            | t          | f        | t           | f
 public     | namespace                            | postgres   |            | t          | f        | t           | f
 public     | feature                              | postgres   |            | t          | f        | t           | f
 public     | featureversion                       | postgres   |            | t          | f        | t           | f
 public     | vulnerability_fixedin_feature        | postgres   |            | t          | f        | t           | f
 public     | vulnerability_affects_featureversion | postgres   |            | t          | f        | t           | f
 public     | keyvalue                             | postgres   |            | t          | f        | f           | f
 public     | lock                                 | postgres   |            | t          | f        | f           | f
 public     | vulnerability                        | postgres   |            | t          | f        | t           | f
 public     | vulnerability_notification           | postgres   |            | t          | f        | t           | f
(12 rows)
curl -I -X GET http://localhost:6061/health
HTTP/1.1 200 OK
Server: clair
Date: Sun, 08 Mar 2020 19:50:25 GMT
Content-Length: 0
curl -L -O https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64
chmod +x clair-scanner_linux_amd64
Empty vulnerability database! It takes several minutes to fetch vulnerability data.
During the first run, Clair will bootstrap its database with vulnerability data from the configured data sources. It can take several minutes before the database has been fully populated, but once this data is stored in the database, subsequent updates will take far less time.
Source
Check vulnerability database: docker exec -ti clairdb sh -c "echo 'SELECT count(*) FROM public.vulnerability;' | psql -U postgres"
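
The health check and the row count above can be combined into a gate that holds a scan back until Clair answers 200 and `public.vulnerability` actually contains rows, since a scan started before the data is loaded has no vulnerability records to match against. This is an added example, not part of the original page: the container name, database user and health URL are the ones used above, while the function names, `CLAIR_MIN_VULNS` and the polling defaults are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The container name, database
# user and health URL are the ones used on this page; the function names,
# CLAIR_MIN_VULNS and the polling defaults are assumptions of this example.
CLAIR_HEALTH_URL="${CLAIR_HEALTH_URL:-http://localhost:6061/health}"
CLAIR_DB_CONTAINER="${CLAIR_DB_CONTAINER:-clairdb}"
CLAIR_MIN_VULNS="${CLAIR_MIN_VULNS:-1}"

# Print the HTTP status of the health endpoint ("000" when unreachable).
clair_health_status() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$CLAIR_HEALTH_URL" || true
}

# Print the row count of public.vulnerability. -A -t makes psql emit the bare
# number; no -ti on docker exec, so the output carries no terminal CR.
clair_vuln_count() {
    docker exec "$CLAIR_DB_CONTAINER" psql -U postgres -At \
        -c 'SELECT count(*) FROM public.vulnerability;' 2>/dev/null || true
}

# wait_for_clair [attempts] [delay_seconds]
# Returns 0 once Clair is healthy AND the table is populated, 1 on timeout.
wait_for_clair() {
    attempts="${1:-60}"
    delay="${2:-30}"
    i=0
    while [ "$i" -lt "$attempts" ]; do
        i=$((i + 1))
        status="$(clair_health_status)"
        count="$(clair_vuln_count)"
        # An error message or empty output counts as an empty database.
        case "$count" in
            '' | *[!0-9]*) count=0 ;;
        esac
        if [ "$status" = "200" ] && [ "$count" -ge "$CLAIR_MIN_VULNS" ]; then
            echo "clair ready: health=$status vulnerabilities=$count"
            return 0
        fi
        echo "waiting ($i/$attempts): health=$status vulnerabilities=$count" >&2
        if [ "$i" -lt "$attempts" ]; then
            sleep "$delay"
        fi
    done
    return 1
}
```

Source the file and call `wait_for_clair` before starting the scanner, failing the job when it returns non-zero.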