Comments (11)
MansM
commented on June 12, 2024
11
ok, found the solution for my issue: dont use quay.io/coreos/clair-git as image...
using quay.io/coreos/clair worked fine :-)
from klar.
grebois
commented on June 12, 2024
@hashmap is there any way to get a more verbose output? now I'm just getting;
$ CLAIR_ADDR=192.168.99.100 CLAIR_OUTPUT=High CLAIR_THRESHOLD=10 klar postgres:latest
Can't pull fsLayers
from klar.
hashmap
commented on June 12, 2024
@grebois thanks for the report, could you build a binary from the source? Use this branch https://github.com/optiopay/klar/tree/remove-distribution-list or let me know - I can provide you with the binary for your OS.
from klar.
grebois
commented on June 12, 2024
@hashmap sure, this is the output;
$ git clone [email protected]:optiopay/klar.git
Cloning into 'klar'...
remote: Counting objects: 214, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 214 (delta 3), reused 7 (delta 2), pack-reused 203
Receiving objects: 100% (214/214), 291.97 KiB | 73.00 KiB/s, done.
Resolving deltas: 100% (98/98), done.
$ git checkout remove-distribution-list
fatal: Not a git repository (or any of the parent directories): .git
$ cd klar/
$ git checkout
Your branch is up-to-date with 'origin/master'.
$ git checkout remove-distribution-list
Branch remove-distribution-list set up to track remote branch remove-distribution-list from origin.
Switched to a new branch 'remove-distribution-list'
$ go build .
$ ls
Dockerfile LICENSE README.md assets clair docker klar main.go
$ ./klar
Image name must be provided
$ CLAIR_ADDR=192.168.99.100 CLAIR_OUTPUT=High CLAIR_THRESHOLD=10 ./klar postgres:latest
Can't pull fsLayers
$
from klar.
xueshanf
commented on June 12, 2024
@hashmap same here. Both v1.4.1 and the build from remove-distribution-list branch return Can't pull fsLayers. Images can be scanned before with v1.4.1 now getting this error. Older build (docker 1.9) postgres:9.5.2still can be scanned, but postgres:latest cannot.
from klar.
hashmap
commented on June 12, 2024
Please try v1.5 RC1 https://github.com/optiopay/klar/releases/tag/1.5-RC1
from klar.
xueshanf
commented on June 12, 2024
@hashmap 1.5-rc1 works! I built docker image and it is available here: https://hub.docker.com/r/xueshanf/klar/.
from klar.
hashmap
commented on June 12, 2024
If you still have any issues please try https://github.com/optiopay/klar/releases/tag/v1.5-RC2 it's basically the same version but with simple tracing support, specify env var to enable it: KLAR_TRACE=true
from klar.
MansM
commented on June 12, 2024
I am still getting this issue, but when googling around I noticed clairctl has the same issue due a change in the docker hub output ( see jgsqware/clairctl#93 (comment) ). Maybe related?
from klar.
hashmap
commented on June 12, 2024
@MansM could you try to run https://github.com/optiopay/klar/releases/tag/v1.5-RC2 with KLAR_TRACE=true env var and share output here?
from klar.
MansM
commented on June 12, 2024
KLAR_TRACE=true CLAIR_ADDR=http://clair.example.com:80 ./klar-1.5-RC2-osx-amd64 centos:7
----> HTTP REQUEST:
GET /v2/library/centos/manifests/7 HTTP/1.1
Host: registry-1.docker.io
Accept: application/vnd.docker.distribution.manifest.v2+json
<---- HTTP RESPONSE:
HTTP/1.1 401 Unauthorized
Content-Length: 157
Content-Type: application/json; charset=utf-8
Date: Mon, 09 Oct 2017 08:39:14 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/centos:pull"
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"library/centos","Action":"pull"}]}]}
----> HTTP REQUEST:
GET /v2/library/centos/manifests/7 HTTP/1.1
Host: registry-1.docker.io
Accept: application/vnd.docker.distribution.manifest.v2+json
Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE56QTFNREl5TWpBME5UZGFGdzB4T0RBMU1ESXlNakEwTlRkYU1FWXhSREJDQmdOVkJBTVRPMDFPTms0NlJraFVWenBKV0VWSE9rOUpOMUU2UVRWWFJqcFpSRVUwT2pkRE4wNDZSMWRKVVRvMVZ6STNPa2hPTlVvNlZVNURRVG95U0UxQ01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5KRklhQ1hHNWYxSk9BZnZSaTJDU081K1Q5RVpKd2doai9SUXgzNW9Uc3Q4RnhXY0dRc3ZOMG5sdW5DVVdIbENxN2I4NFJRTXV0WUVIUnY4MVhweTU2T0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VFU0MlRqcEdTRlJYT2tsWVJVYzZUMGszVVRwQk5WZEdPbGxFUlRRNk4wTTNUanBIVjBsUk9qVlhNamM2U0U0MVNqcFZUa05CT2pKSVRVSXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSTJVUlpMQVRTM3R4bjNpNTY0SXVQSFEwQU1Mb1g5cTZCMmdnN01KSHJuTkFpRUE0Q3lzbmtENHhjQm42amdobVdnQzczQjdGVkszenFnOTV4ZjNRK2xGVHlrPSJdfQ.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImxpYnJhcnkvY2VudG9zIiwiYWN0aW9ucyI6WyJwdWxsIl19XSwiYXVkIjoicmVnaXN0cnkuZG9ja2VyLmlvIiwiZXhwIjoxNTA3NTM4NjU0LCJpYXQiOjE1MDc1MzgzNTQsImlzcyI6ImF1dGguZG9ja2VyLmlvIiwianRpIjoiSzRmY0I5U3pLbEFVQTZmMjhrVHoiLCJuYmYiOjE1MDc1MzgwNTQsInN1YiI6IiJ9.rpu8iKViBGzyDoXR227K4ramMkJY2K8Dqgytg4szzYNW620xSueike_h2guzJdLMcpsSDGz8yNfQq7AkaPqn-w
<---- HTTP RESPONSE:
HTTP/1.1 200 OK
Content-Length: 529
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Date: Mon, 09 Oct 2017 08:39:14 GMT
Docker-Content-Digest: sha256:eba772bac22c86d7d6e72421b4700c3f894ab6e35475a34014ff8de74c10872e
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:eba772bac22c86d7d6e72421b4700c3f894ab6e35475a34014ff8de74c10872e"
Strict-Transport-Security: max-age=31536000
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 1863,
"digest": "sha256:196e0ce0c9fbb31da595b893dd39bc9fd4aa78a474bbdc21459a3ebe855b7768"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 73386947,
"digest": "sha256:d9aaf4d82f249dc101a6638ff5177fe926cdebfa6c42d874dfa5029533da0e72"
}
]
}
Analysing 1 layers
----> HTTP REQUEST:
POST /v1/layers HTTP/1.1
Host: clair.example.com:80
Content-Type: application/json
{"Layer":{"Name":"196e0ce0c9fbb31da595b893dd39bc9fd4aa78a474bbdc21459a3ebe855b7768d9aaf4d82f249dc101a6638ff5177fe926cdebfa6c42d874dfa5029533da0e72","Path":"https://registry-1.docker.io/v2/library/centos/blobs/sha256:d9aaf4d82f249dc101a6638ff5177fe926cdebfa6c42d874dfa5029533da0e72","ParentName":"","Format":"Docker","Features":null,"Headers":{"Authorization":"Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE56QTFNREl5TWpBME5UZGFGdzB4T0RBMU1ESXlNakEwTlRkYU1FWXhSREJDQmdOVkJBTVRPMDFPTms0NlJraFVWenBKV0VWSE9rOUpOMUU2UVRWWFJqcFpSRVUwT2pkRE4wNDZSMWRKVVRvMVZ6STNPa2hPTlVvNlZVNURRVG95U0UxQ01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5KRklhQ1hHNWYxSk9BZnZSaTJDU081K1Q5RVpKd2doai9SUXgzNW9Uc3Q4RnhXY0dRc3ZOMG5sdW5DVVdIbENxN2I4NFJRTXV0WUVIUnY4MVhweTU2T0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VFU0MlRqcEdTRlJYT2tsWVJVYzZUMGszVVRwQk5WZEdPbGxFUlRRNk4wTTNUanBIVjBsUk9qVlhNamM2U0U0MVNqcFZUa05CT2pKSVRVSXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSTJVUlpMQVRTM3R4bjNpNTY0SXVQSFEwQU1Mb1g5cTZCMmdnN01KSHJuTkFpRUE0Q3lzbmtENHhjQm42amdobVdnQzczQjdGVkszenFnOTV4ZjNRK2xGVHlrPSJdfQ.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImxpYnJhcnkvY2VudG9zIiwiYWN0aW9ucyI6WyJwdWxsIl19XSwiYXVkIjoicmVnaXN0cnkuZG9ja2VyLmlvIiwiZXhwIjoxNTA3NTM4NjU0LCJpYXQiOjE1MDc1MzgzNTQsImlzcyI6ImF1dGguZG9ja2VyLmlvIiwianRpIjoiSzRmY0I5U3pLbEFVQTZmMjhrVHoiLCJuYmYiOjE1MDc1MzgwNTQsInN1YiI6IiJ9.rpu8iKViBGzyDoXR227K4ramMkJY2K8Dqgytg4szzYNW620xSueike_h2guzJdLMcpsSDGz8yNfQq7AkaPqn-w"}}}
<---- HTTP RESPONSE:
HTTP/1.1 404 Not Found
Content-Length: 10
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Date: Mon, 09 Oct 2017 08:39:21 GMT
Server: nginx/1.13.5
X-Content-Type-Options: nosniff
Not Found
Push layer 0 failed: Can't even read an error message: invalid character 'N' looking for beginning of value
----> HTTP REQUEST:
GET /v1/layers/196e0ce0c9fbb31da595b893dd39bc9fd4aa78a474bbdc21459a3ebe855b7768d9aaf4d82f249dc101a6638ff5177fe926cdebfa6c42d874dfa5029533da0e72?vulnerabilities HTTP/1.1
Host: clair.example.com:80
<---- HTTP RESPONSE:
HTTP/1.1 404 Not Found
Content-Length: 10
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Date: Mon, 09 Oct 2017 08:39:21 GMT
Server: nginx/1.13.5
X-Content-Type-Options: nosniff
Not Found
Analyse image https://registry-1.docker.io/v2/library/centos:7 failed: Analyze error 404: Not Found
Found 0 vulnerabilities
from klar.
Related Issues (20)
- Allow for comments in whitelist file HOT 1
- bug: Basic Auth Header should be Case-Insensitive => Nexus 3 Registry does not work with klar HOT 1
- Do you consider add builded image to hub.docker.com? HOT 1
- Can't pull image: Token request returned 400
- Unable to install klar from the source code using the go get command.
- Change whitelist and blacklist terms HOT 6
- Can't pull fsLayers "authentication required" HOT 2
- go get fails HOT 10
- [Help Needed]How to fetch layer information from klar reponse.
- Repo seems abandoned, is it? HOT 2
- Is Klar getting a release to support clair 4.0.4?
- Klar not able to connect to clair server
- support oci images
- Klar giving empty json o/p intermittently
- Feature: Show all vulnerabilities regardless of CLAIR_OUTPUT value with only selected level and higher are count towards the CLAIR_THRESHOLD
- Klar can not be connectred with clair deployed on openshift
- Klar(2.4.0) does not white list specific images HOT 1
- Feature: Klar check whitelisted CVEs and notify on CVE changed Vector (Score)
- Feature: Klar should be able to scan OCI images
- [BUG] Klar always scans amd64 architecture image although DOCKER_PLATFORM_ARCH=arm64 for multi architecture images
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from klar.