Clair from CoreOS Automates Container Security for Open Source Linux OS

CoreOS is shooting to make it easier to secure open source containers on Linux by releasing Clair, a tool that checks containers for security vulnerabilities, to the open source community.

Christopher Tozzi, Contributing Editor

November 16, 2015

1 Min Read
Clair from CoreOS Automates Container Security for Open Source Linux OS

CoreOS is shooting to make it easier to secure open source containers on Linux by releasing Clair, a tool that checks containers for security vulnerabilities, to the open source community.

CoreOS offers a Linux distribution tailored for massive deployments in the cloud and datacenter. The project says it hopes Clair will make it easier for administrators to ensure that the apps they run in containers on CoreOS, as well as other versions of GNU/Linux, are safe from bugs that could compromise data or create other security intrusions.

“Using Clair, you can easily build services that provide continuous monitoring for container vulnerabilities,” the project explained in announcing the Clair launch. “CoreOS believes tools that improve the security of the world’s infrastructure should be available for all users and vendors, so we made the project open source.”

Clair’s methodology is fairly straightforward. The tool scans container packages and compares the information it finds with databases of known security vulnerabilities. The tool automatically rescans containers when new vulnerabilities are announced.

CoreOS emphasizes that Clair is currently not sufficiently sophisticated to determine whether a known vulnerability in a container layer can actually be exploited based on the particular conditions under which the container is running. The tool also doesn’t attempt to identify security vulnerabilities that are not yet publicly documented, which is a much more complex affair than matching information in security databases.

For these reasons, Clair is not a complete replacement for human beings who monitor software for security issues. But it does much to help automate the process, which is important as containers based on systems like Docker surge in popularity.

Read more about:

AgentsMSPsVARs/SIs

About the Author

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like