# Install clair with Homebrew, Nix, zypper

Vulnerability Static Analysis for Containers. Version 4.8.0 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:clair
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install clair
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#clair
```

  Evidence: nixpkgs package indexes: pkgs/by-name/cl/clair/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- zypper (92%):

```sh
sudo zypper install clair
```

  Evidence: openSUSE Tumbleweed package metadata: clair from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:clair
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/clair>
- **Version:** 4.8.0
- **Source summary:** Vulnerability Static Analysis for Containers
- **Homepage:** <https://quay.github.io/clair/>
- **Repository:** <https://github.com/quay/clair>
- **Upstream docs:** <https://quay.github.io/clair>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/quay/clair/archive/refs/tags/v4.8.0.tar.gz>
- **Last updated:** 2026-06-15T10:20:12-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- clair (cli)
- clair (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 4.8.0
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/quay/clair
- Upstream latest detected: v4.8.0 (current)
## Project history and usage

Clair is Quay's open source service for static analysis of vulnerabilities in application container images, including OCI and Docker images. It is notable in package-manager culture because it made vulnerability metadata, image indexing, and registry-side security scanning part of the ordinary container toolchain.

### Project history

The public repository was created in November 2015 and its README describes the project goal as making container-based infrastructure more transparent. Clair later evolved into the v4 architecture documented in the Clair book, with separate indexer, matcher, notifier, and combo operating modes configured by YAML or JSON.

### Adoption history

Clair is distributed as a Homebrew formula and appears in other package sets in the supplied input, while its README also points users to stable GitHub releases and a Quay container image. Its adoption path is tied to container registries and CI systems that need image vulnerability matching against known vulnerability feeds.

### How it is used

Clients use the Clair API to index container images and match indexed contents against vulnerability data. Operators run Clair with a structured configuration file, commonly under /etc/clair, and select a service mode such as indexer, matcher, notifier, or combo.

### Why package nerds care

Clair matters to package nerds because it connects OS-package and language-package vulnerability databases to container layers. It sits at the point where package manifests, distribution advisories, OCI images, and registry policy meet.

### Timeline

- 2015: Public GitHub repository created and initial public release v0.0.1 published.
- 2016: v1 releases established Clair as a container vulnerability analysis service.
- 2020: Clair v4 line documented a service-oriented architecture with indexer, matcher, and notifier modes.
- 2024: v4.7.0 added documented drop-in configuration file support.
- 2025: v4.9.0 release published.

### Related projects

- Related projects include Quay, OCI image tooling, Docker image tooling, vulnerability databases consumed by Clair matchers, and other image scanners such as Trivy and Grype.

### Sources

- <https://github.com/quay/clair>
- <https://quay.github.io/clair>
- <https://quay.github.io/clair/reference/config.html>
- <https://api.github.com/repos/quay/clair/releases>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/clair/config.yaml, /etc/clair/config.json
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** clair
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - clair: normalized package name match | nixpkgs package indexes: pkgs/by-name/cl/clair/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- zypper - clair - 4.9.0-1.2: normalized package name match | openSUSE Tumbleweed package metadata: clair from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Vulnerability Static Analysis for Containers | https://github.com/quay/clair
- zypper - clairctl - 4.9.0-1.2: normalized package name match | openSUSE Tumbleweed package metadata: clairctl from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | CLI for the Clair Vulnerability scanner | https://github.com/quay/clair


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [copa](https://www.automicvault.com/pkg/brew/copa/) - Shares av.db curated category or tags: cli, containers, security, vulnerability-scanning.
- [govulncheck](https://www.automicvault.com/pkg/brew/govulncheck/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [grype](https://www.automicvault.com/pkg/brew/grype/) - Shares av.db curated category or tags: cli, containers, security, vulnerability-scanning.
- [snyk-cli](https://www.automicvault.com/pkg/brew/snyk-cli/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [nuclei](https://www.automicvault.com/pkg/brew/nuclei/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [osv-scanner](https://www.automicvault.com/pkg/brew/osv-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [terrapin-scanner](https://www.automicvault.com/pkg/brew/terrapin-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.

## Combined YAML source

View the package source record on GitHub. [combined/clair.yml](https://github.com/automic-vault/db/blob/main/combined/clair.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
