klar: Klar produces duplicate entries

I am doing vulnerability analysis of the Docker images in our Artifactory. I don’t know if this is caused by my own mistake, but I’ve noticed that Klar gives a wrong result.

What I mean is:

After I run a command like CLAIR_ADDR=http://localhost CLAIR_OUTPUT=High CLAIR_THRESHOLD=10 DOCKER_USER=me DOCKER_PASSWORD=secret klar <Image>, it prints out the result showing the number of vulnerabilities at the different severities. However, it shows a lot of duplicate CVE entries, and it also DOES NOT show all the vulnerabilities compared to what I can get using the Clair API: curl http://192.168.99.100:30060/v1/layers/<LAYER_ID>\?vulnerabilities.

Can someone explain this?

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 15 (6 by maintainers)

Most upvoted comments

Hi @pauvos, if you output in JSON format, for example:

CLAIR_ADDR=http://localhost:6060 JSON_OUTPUT=true CLAIR_THRESHOLD=0 /usr/local/bin/klar debian:7 >/tmp/x

you can then use the excellent jq to remove duplicates:

cat /tmp/x | jq '[.Vulnerabilities.High[]]|unique'
cat /tmp/x | jq '[.Vulnerabilities.Medium[]]|unique'
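The jq workaround above can be turned into a scripted gate for a CI pipeline. The following is an added example, not code from this issue thread or from klar itself. It assumes the report layout the jq paths imply (a top-level Vulnerabilities object keyed by severity, each holding a list of records); the record fields (Name, NamespaceName, Severity, FeatureName, FeatureVersion, FixedBy), the sample values, the placeholder ID CVE-0000-0001 and the strictly-greater-than reading of CLAIR_THRESHOLD are assumptions made for the example. It removes exact-duplicate records the way jq's unique does (whole-object comparison) and shows how a CLAIR_OUTPUT/CLAIR_THRESHOLD-style count, and therefore the pass/fail decision, changes once the duplicates are gone.

```python
import json

# Clair's severity ladder, lowest to highest, used for a CLAIR_OUTPUT-style cut-off.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]

# Constructed sample in the layout of a klar JSON_OUTPUT=true report. Field names,
# versions and CVE-0000-0001 are placeholders for this example, not a real scan.
# CVE-2010-4052 is repeated three times to mimic the duplicates reported in the issue.
SAMPLE_REPORT_JSON = """
{
  "LayerCount": 3,
  "Vulnerabilities": {
    "High": [
      {"Name": "CVE-2010-4052", "NamespaceName": "debian:7", "Severity": "High",
       "FeatureName": "eglibc", "FeatureVersion": "2.13-38+deb7u12", "FixedBy": ""},
      {"Name": "CVE-2010-4052", "NamespaceName": "debian:7", "Severity": "High",
       "FeatureName": "eglibc", "FeatureVersion": "2.13-38+deb7u12", "FixedBy": ""},
      {"Name": "CVE-2010-4052", "NamespaceName": "debian:7", "Severity": "High",
       "FeatureName": "eglibc", "FeatureVersion": "2.13-38+deb7u12", "FixedBy": ""},
      {"Name": "CVE-0000-0001", "NamespaceName": "debian:7", "Severity": "High",
       "FeatureName": "examplepkg", "FeatureVersion": "1.0-1", "FixedBy": "1.0-2"}
    ],
    "Medium": [
      {"Name": "CVE-0000-0001", "NamespaceName": "debian:7", "Severity": "Medium",
       "FeatureName": "otherpkg", "FeatureVersion": "2.0-1", "FixedBy": ""},
      {"Name": "CVE-0000-0001", "NamespaceName": "debian:7", "Severity": "Medium",
       "FeatureName": "otherpkg", "FeatureVersion": "2.0-1", "FixedBy": ""}
    ]
  }
}
"""


def load_report(text):
    """Parse a klar JSON report from a string (e.g. the contents of /tmp/x)."""
    return json.loads(text)


def dedupe_report(report):
    """Return a copy of the report with exact-duplicate records dropped from each
    severity list. Like jq's `unique`, records are compared as whole objects, so
    the same CVE against two different packages is kept twice (correctly); unlike
    jq, first-seen order is preserved instead of sorting."""
    deduped = {}
    for severity, records in report.get("Vulnerabilities", {}).items():
        seen = set()
        kept = []
        for rec in records:
            key = json.dumps(rec, sort_keys=True)  # canonical form of the whole record
            if key not in seen:
                seen.add(key)
                kept.append(rec)
        deduped[severity] = kept
    return {**report, "Vulnerabilities": deduped}


def count_by_severity(report):
    """Number of records listed under each severity, as klar's summary reports them."""
    return {sev: len(recs) for sev, recs in report.get("Vulnerabilities", {}).items()}


def _rank(severity):
    # Severities not in Clair's ladder are treated as the lowest ("Unknown").
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0


def count_at_or_above(report, output_level):
    """Records whose severity is >= output_level (a CLAIR_OUTPUT-style cut-off)."""
    floor = _rank(output_level)
    return sum(len(recs) for sev, recs in report.get("Vulnerabilities", {}).items()
               if _rank(sev) >= floor)


def fails_threshold(report, output_level, threshold):
    """CLAIR_THRESHOLD-style gate: fail when more than `threshold` findings at or
    above `output_level` remain (strictly-greater is an assumption of this example)."""
    return count_at_or_above(report, output_level) > threshold


if __name__ == "__main__":
    raw = load_report(SAMPLE_REPORT_JSON)
    clean = dedupe_report(raw)
    print("as reported:", count_by_severity(raw))
    print("deduplicated:", count_by_severity(clean))
    # With CLAIR_OUTPUT=High and CLAIR_THRESHOLD=3 the raw report fails the gate
    # only because of the repeated eglibc entry; the deduplicated one passes.
    print("raw fails threshold 3 at High:", fails_threshold(raw, "High", 3))
    print("deduped fails threshold 3 at High:", fails_threshold(clean, "High", 3))
```

Run it against a real report with `klar ... > /tmp/x` and `load_report(open("/tmp/x").read())`. The point to take from the sample is that a threshold set on the raw count is measuring layer repetition rather than distinct findings: the same fixed-vs-unfixed decision can flip purely on how many layers a package appears in.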

debian:7 yields a lot of duplicates.

I receive a CVE-2010-4052 warning affecting eglibc approx. 10 times in a row.

klar: v2.0.2 (from the GitHub release page)
clair: quay.io/coreos/clair:v2.0.2

btw: thanks for sharing klar with the public!

Scan result: debian-7.20180425.txt

@hashmap You are using the clair-git image, which is not a stable release, and the API for that is not available yet. Can you please try the clair (stable release) image?

In my testing, clair-git indeed gives unique results (but I cannot use the Clair API to verify whether the result is correct or not), while clair still produces duplicate CVEs.