clair returns ok
netcat2024 opened this issue · comments
Description of Problem / Feature Request
when calling Clair it always return OK
Expected Outcome
Clair should report vulnerabilities
Actual Outcome
command:
clairctl -D report ubuntu:focal
return:
2024-02-19T17:08:48+08:00 DBG enabling signing for authorities authorities=["clair-indexer:6060","clair-matcher:6060","webhook-target"]
2024-02-19T17:08:48+08:00 DBG fetching ref=ubuntu:focal
2024-02-19T17:08:48+08:00 DBG using text output
2024-02-19T17:08:50+08:00 DBG found manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:50+08:00 DBG requesting index_report attempt=1 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:55+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="404 Not Found"
2024-02-19T17:08:55+08:00 DBG don't have needed manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 manifest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:57+08:00 DBG found manifest digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:57+08:00 DBG found layers count=1 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:08:59+08:00 DBG requesting index_report attempt=2 digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal
2024-02-19T17:09:00+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="200 OK"
2024-02-19T17:09:07+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=POST path=/indexer/api/v1/index_report ref=ubuntu:focal status="201 Created"
2024-02-19T17:09:07+08:00 DBG setting validator digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 path=/indexer/api/v1/index_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal validator="\"746c21e6e713e5208118f7d54c52e391\""
2024-02-19T17:10:02+08:00 DBG digest=sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 method=GET path=/matcher/api/v1/vulnerability_report/sha256:a4fab1802f08df089c4b2e0a1c8f1a06f573bd1775687d07fef4076d3a2e4900 ref=ubuntu:focal status="200 OK"
ubuntu:focal ok
Environment
clairctl's config.yaml
---
log_level: debug-color
introspection_addr: ":8089"
http_listen_addr: ":6060"
updaters:
sets:
- ubuntu
- debian
- rhel
- alpine
- osv
auth:
psk:
key: 'c2VjcmV0'
iss:
- quay
- clairctl
indexer:
connstring: host=clair-database user=clair dbname=indexer sslmode=disable
scanlock_retry: 10
layer_scan_concurrency: 5
migrations: true
matcher:
indexer_addr: http://clair-indexer:6060/
connstring: host=clair-database user=clair dbname=matcher sslmode=disable
max_conn_pool: 100
migrations: true
matchers: {}
notifier:
indexer_addr: http://clair-indexer:6060/
matcher_addr: http://clair-matcher:6060/
connstring: host=clair-database user=clair dbname=notifier sslmode=disable
migrations: true
delivery_interval: 30s
poll_interval: 1m
webhook:
target: "http://webhook-target/"
callback: "http://clair-notifier:6060/notifier/api/v1/notification/"
# amqp:
# direct: true
# exchange:
# name: ""
# type: "direct"
# durable: true
# auto_delete: false
# uris: ["amqp://guest:guest@clair-rabbitmq:5672/"]
# routing_key: "notifications"
# callback: "http://clair-notifier/notifier/api/v1/notification"
# tracing and metrics config
trace:
name: "jaeger"
# probability: 1
jaeger:
agent:
endpoint: "clair-jaeger:6831"
service_name: "clair"
metrics:
name: "prometheus"
clair :
download the newest version clair
and then :
cd clair-v4.7.2
docker-compose up -d
- Clair version/image: 4.72
- Clair client name/version: clairctl version v4.7.2 (claircore v1.5.19)
- Host OS: ubuntu 20.04
- Kernel (e.g.
uname -a
): Linux deng-VirtualBox 5.15.0-92-generic #102~20.04.1-Ubuntu SMP Mon Jan 15 13:09:14 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux - Kubernetes version (use
kubectl version
): n/a - Network/Firewall setup: n/a
Please provide the Clair logs and the JSON output from clairctl
.
Please provide the Clair logs and the JSON output from
clairctl
.
Can you tell me how to provide the Clair logs and the JSON output from clairctl
? I don't know how to collect these information.
I found the answer.
change docker-compose up -d
to docker-compose --profile debug up
. It can report vulnerabilities.
I believe the example configuration also drifted over time; we've updated that and the documentation. Glad you got things working.