macOS
brew install clairlocal Homebrew formula metadata
brew
Vulnerability Static Analysis for Containers. Version 4.8.0 via Homebrew; verified 2026-06-15.
install
brew install clairlocal Homebrew formula metadata
nix profile install nixpkgs#clairnixpkgs package indexes · pkgs/by-name/cl/clair/package.nix · source: api.github.com
sudo zypper install clairopenSUSE Tumbleweed package metadata · clair · source: download.opensuse.org
overview
Vulnerability Static Analysis for Containers
history
Clair is Quay's open source service for static analysis of vulnerabilities in application container images, including OCI and Docker images. It is notable in package-manager culture because it made vulnerability metadata, image indexing, and registry-side security scanning part of the ordinary container toolchain.
The public repository was created in November 2015 and its README describes the project goal as making container-based infrastructure more transparent. Clair later evolved into the v4 architecture documented in the Clair book, with separate indexer, matcher, notifier, and combo operating modes configured by YAML or JSON.
Clair is distributed as a Homebrew formula and appears in other package sets in the supplied input, while its README also points users to stable GitHub releases and a Quay container image. Its adoption path is tied to container registries and CI systems that need image vulnerability matching against known vulnerability feeds.
Clients use the Clair API to index container images and match indexed contents against vulnerability data. Operators run Clair with a structured configuration file, commonly under /etc/clair, and select a service mode such as indexer, matcher, notifier, or combo.
Clair matters to package nerds because it connects OS-package and language-package vulnerability databases to container layers. It sits at the point where package manifests, distribution advisories, OCI images, and registry policy meet.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/clair/config.yaml/etc/clair/config.jsonexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
clair | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:clair |
|---|---|
| Version | 4.8.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/clair |
| Homepage | https://quay.github.io/clair/ |
| Repository | https://github.com/quay/clair |
| Upstream docs | https://quay.github.io/clair |
| License | Apache-2.0 |
| Source archive | https://github.com/quay/clair/archive/refs/tags/v4.8.0.tar.gz |
| Last updated | 2026-06-15T10:20:12-04:00 |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | clair |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
clair
nix profile install nixpkgs#clairclair 4.9.0-1.2
Vulnerability Static Analysis for Containers
sudo zypper install clairclairctl 4.9.0-1.2
CLI for the Clair Vulnerability scanner
sudo zypper install clairctlsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.