Mkdev.me @mkdev_me

Implementing Security Scans With Clair In CI Pipelines

Implementing security scans with Clair in a CI/CD pipeline: adding a new stage to detect vulnerabilities and prevent image promotion.

In this video, I showed 3 different container image tools - one for building container images, one for checking their efficiency and another one for manipulating and promoting them.
One critical pipeline stage that was missing is a security scan.
We need to make sure that our image does not have any known vulnerabilities.
One way to do this is to use the container registry with a built-in security scan.
Most modern registries have such a feature built in.
For example, AWS ECR allows you to automatically scan each image right after you push it.
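As an added example (not code from the video or from mkdev's pipeline), here is the promotion gate such a stage needs once the registry has scanned the image: it reads the JSON that `aws ecr describe-image-scan-findings` returns and refuses promotion when any finding is at or above a chosen severity, or when the scan has not finished. The sample output below is constructed to match that command's shape, and the CVE ids in it are placeholders, not real findings.

```python
import json

# Constructed sample modelled on the JSON shape of
# `aws ecr describe-image-scan-findings`; the CVE ids are placeholders.
SCAN_OUTPUT = json.dumps({
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {
        "findings": [
            {"name": "CVE-0000-00001", "severity": "HIGH"},
            {"name": "CVE-0000-00002", "severity": "LOW"},
        ],
        "findingSeverityCounts": {"HIGH": 1, "LOW": 1},
    },
})

# ECR severities, lowest to highest. UNDEFINED is ranked above CRITICAL so an
# unrated finding fails closed instead of slipping through the gate.
SEVERITY_ORDER = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL", "UNDEFINED"]


def evaluate_scan(scan_json: str, threshold: str = "HIGH") -> tuple[bool, list[str]]:
    """Return (may_promote, reasons). Promotion is allowed only when the scan
    is COMPLETE and no finding is at or above `threshold`."""
    data = json.loads(scan_json)
    status = data.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        # An unfinished or failed scan is not a pass: block until it completes.
        return False, [f"scan status is {status!r}, not COMPLETE"]

    min_rank = SEVERITY_ORDER.index(threshold)
    reasons = []
    for finding in data.get("imageScanFindings", {}).get("findings", []):
        severity = finding.get("severity", "UNDEFINED")
        rank = SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else len(SEVERITY_ORDER)
        if rank >= min_rank:
            reasons.append(f"{finding.get('name', '<unnamed>')} ({severity})")
    return (not reasons), reasons


if __name__ == "__main__":
    import sys
    # In a CI stage, pipe the real command output in and let the exit code gate the
    # promotion step: `aws ecr describe-image-scan-findings ... | python3 gate.py`
    raw = sys.stdin.read() if not sys.stdin.isatty() else SCAN_OUTPUT
    allowed, reasons = evaluate_scan(raw)
    print("promotion allowed" if allowed else "blocked: " + "; ".join(reasons))
    sys.exit(0 if allowed else 1)
```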
Another example is Quay, which provides th...