-
Notifications
You must be signed in to change notification settings - Fork 41
/
Copy pathclair.yaml
130 lines (122 loc) · 3.83 KB
/
clair.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#
# Author: Hari Sekhon
# Date: 2023-05-12 02:22:17 +0100 (Fri, 12 May 2023)
#
# vim:ts=2:sts=2:sw=2:et
#
# https://github.com/HariSekhon/Templates
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/HariSekhon
#
# ============================================================================ #
# Q u a y C l a i r S c a n n e r C o n f i g
# ============================================================================ #
# https://quay.github.io/clair/reference/config.html
# All 3 processes use this same config file regardless of combo or distributed mode
# XXX: in combo mode '*_addr' fields are ignored as everything runs in a single process
---
introspection_addr: 0.0.0.0:8089 # where Clair's metrics and health endpoints are exposed
http_listen_addr: 0.0.0.0:8080
log_level: info # debug, debug-color, warn, error, fatal, panic
indexer:
# libpq connection string
#connstring: host=clair-postgresql.clair.svc.cluster.local port=5432 user=clair dbname=clair sslmode=disable
# or URL
# XXX: trivy and grype don't catch this:-/
connstring: postgres://clair:[email protected]/clair?sslmode=disable
scanlock_retry: 10
layer_scan_concurrency: 5
migrations: true
matcher:
indexer_addr: clair.clair.svc.cluster.local:8080 # XXX: Edit
#connstring: host=clair-postgresql.clair.svc.cluster.local port=5432 user=clair dbname=clair sslmode=disable
connstring: postgres://clair:[email protected]/clair?sslmode=disable
max_conn_pool: 100
run: ""
migrations: true
# https://quay.github.io/clair/reference/config.html#updaterssets
updater_sets:
- alpine
- aws
- debian
- oracle
- photon
- pyupio
- rhel
- suse
- ubuntu
matchers:
# https://quay.github.io/clair/reference/config.html#matchers
names:
- alpine
- aws
- debian
- oracle
- photon
- python
- rhel
- suse
- ubuntu
- crda
config:
#python:
# ignore_vulns:
# - CVE-XYZ
# - CVE-ABC
crda:
url: https://gw.api.openshift.io/api/v2/
source: clair-sample-instance
key: 207c527cfc2a6b8dcf4fa43ad7a976da
notifier:
indexer_addr: http://clair.clair.svc.cluster.local:8080/ # XXX: Edit for distributed mode
matcher_addr: http://clair.clair.svc.cluster.local:8080/ # XXX: Edit for distributed mode
#connstring: host=clair-postgresql.clair.svc.cluster.local port=5432 user=clair dbname=clair sslmode=disable
connstring: postgres://clair:[email protected]/clair?sslmode=disable
migrations: true
delivery_interval: 1m
poll_interval: 5m
# if multiple delivery methods are defined the only one will be selected.
# preference order:
# webhook, amqp, stomp
#webhook:
# target: http://webhook/
# callback: http://clair-notifier/notifier/api/v1/notifications
#amqp:
# exchange:
# name: ""
# type: direct
# durable: true
# auto_delete: false
# uris:
# - amqp://user:pass@host:10000/vhost
# direct: false
# routing_key: notifications
# callback: http://clair-notifier/notifier/api/v1/notifications
# tls:
# root_ca: optional/path/to/rootca
# cert: madatory/path/to/cert
# key: madatory/path/to/ke
#stomp:
# desitnation: notifications
# direct: false
# callback: http://clair-notifier/notifier/api/v1/notifications
# login:
# login: username
# passcode: passcode
# tls:
# root_ca: optional/path/to/rootca
# cert: madatory/path/to/cert
# key: madatory/path/to/key
trace:
name: jaeger
probability: 1
jaeger:
agent:
endpoint: localhost:6831
service_name: clair
metrics:
name: prometheus