
CoreOS Delivers on Security with v1.0 of Clair Container Image Analyzer - Artemis2
https://coreos.com/blog/clair-v1.html
======
BRock97
Last time I played with Clair, it would say my image had numerous
vulnerabilities even though I would update the base image. Turns out, it was
reporting older layers were vulnerable even though the issue was patched in a
newer layer. Does anyone know if that's the case? I can't seem to find any
information on the matter.

~~~
QuentinM
I have never heard of that. Could you please try again? If you can repro, open
an issue and I'll be glad to fix it. Clair now tells the layer in which a
vulnerability has been detected, the package name and version that cause it
and how it can be fixed. It should definitely help.

------
rwmj
openscap has been able to do this either on an installed system or on a chroot
for years. But "containers", so it's all new and exciting, and definitely
nothing like chroot/jails.

~~~
xkarga00
openscap works with containers too

[https://martin.preisler.me/2015/11/atomic-scan-and-
openscap-...](https://martin.preisler.me/2015/11/atomic-scan-and-openscap-
daemon/)

~~~
rwmj
Erm, that's what I said.

