Automic VaultAutomic Vault

brew

Install clair with Homebrew, Nix, zypper

Vulnerability Static Analysis for Containers. Version 4.8.0 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install clair

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#clair

nixpkgs package indexes · pkgs/by-name/cl/clair/package.nix · source: api.github.com

openSUSE zypperverified · 92%
sudo zypper install clair

openSUSE Tumbleweed package metadata · clair · source: download.opensuse.org

overview

Package summary

Vulnerability Static Analysis for Containers

Commands and aliases

  • clair

history

Project history and usage

Clair is Quay's open source service for static analysis of vulnerabilities in application container images, including OCI and Docker images. It is notable in package-manager culture because it made vulnerability metadata, image indexing, and registry-side security scanning part of the ordinary container toolchain.

Project history

The public repository was created in November 2015 and its README describes the project goal as making container-based infrastructure more transparent. Clair later evolved into the v4 architecture documented in the Clair book, with separate indexer, matcher, notifier, and combo operating modes configured by YAML or JSON.

Adoption history

Clair is distributed as a Homebrew formula and appears in other package sets in the supplied input, while its README also points users to stable GitHub releases and a Quay container image. Its adoption path is tied to container registries and CI systems that need image vulnerability matching against known vulnerability feeds.

How it is used

Clients use the Clair API to index container images and match indexed contents against vulnerability data. Operators run Clair with a structured configuration file, commonly under /etc/clair, and select a service mode such as indexer, matcher, notifier, or combo.

Why package nerds care

Clair matters to package nerds because it connects OS-package and language-package vulnerability databases to container layers. It sits at the point where package manifests, distribution advisories, OCI images, and registry policy meet.

Timeline

  • 2015: Public GitHub repository created and initial public release v0.0.1 published.
  • 2016: v1 releases established Clair as a container vulnerability analysis service.
  • 2020: Clair v4 line documented a service-oriented architecture with indexer, matcher, and notifier modes.
  • 2024: v4.7.0 added documented drop-in configuration file support.
  • 2025: v4.9.0 release published.

Related projects

  • Related projects include Quay, OCI image tooling, Docker image tooling, vulnerability databases consumed by Clair matchers, and other image scanners such as Trivy and Grype.

security posture

Risk level: orange

infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • infrastructure mutation or orchestration signal

Signals

  • text:container

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/etc/clair/config.yaml/etc/clair/config.json

executables

Installed executables

CommandKindExposureNote
claircliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version4.8.0
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv4.8.0

https://github.com/quay/clair

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:clair
Version4.8.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/clair
Homepagehttps://quay.github.io/clair/
Repositoryhttps://github.com/quay/clair
Upstream docshttps://quay.github.io/clair
LicenseApache-2.0
Source archivehttps://github.com/quay/clair/archive/refs/tags/v4.8.0.tar.gz
Last updated2026-06-15T10:20:12-04:00
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameclair
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

clair

nix profile install nixpkgs#clair
  • normalized package name match
  • Matched by: Clair
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/cl/clair/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
zypper95%

clair 4.9.0-1.2

Vulnerability Static Analysis for Containers

https://github.com/quay/clair

sudo zypper install clair
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: clair
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Clair
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: clair from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

clairctl 4.9.0-1.2

CLI for the Clair Vulnerability scanner

https://github.com/quay/clair

sudo zypper install clairctl
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: clair
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Clair
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: clairctl from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment