Giters

quay / clair

Vulnerability Static Analysis for Containers

Home Page:https://quay.github.io/clair/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Support ecosystem configuration

klr8 opened this issue · comments

commented

Description of Problem / Feature Request

Clair does not pass any ecosystem configuration to LibIndex:
https://github.com/quay/clair/blob/main/initialize/services.go#L117
https://github.com/quay/clair/blob/main/initialize/services.go#L172

Consequently LibIndex will use its default set of ecosystems:
https://github.com/quay/claircore/blob/main/libindex/opts.go#L77

As you can see the "java" ecosystem is among the defaults. We use Whitesource for Java dependency vulnerability scanning and would like to disable the "java" ecosystem when running Clair since it is giving us some issues.

It would be nice to be able to configure the active ecosystems via Clair configuration.

Environment

N/A