Everything open source
May 16–17, 2016: Training & Tutorials
May 18–19, 2016: Conference
Austin, TX

Clair: Clarity with container security scanning

Joey Schorr (CoreOS), Quentin Machu (CoreOS)
4:20pm–5:00pm Thursday, 05/19/2016
Location: Ballroom A
Level: Intermediate
Average rating: 4.75 (4 ratings)

Prerequisite knowledge

Attendees should have general knowledge of open source development. This talk is most relevant for developers and system administrators.


Docker layers can be fast for developers but are also vulnerable if not audited for production. Wouldn’t it be great to improve continuous integration with continuous vulnerability detection?

Clair, a new open source tool to monitor the security of containers, is an API-driven analysis engine that inspects containers layer-by-layer for known security flaws. Joey Schorr and Quentin Machu offer an overview of Clair and use a real-life example to demonstrate how to apply Clair and how it’s able to automatically detect new and existing vulnerabilities in Docker and rkt containers before they get exploited, using graph database queries to track package changes. Come see how it works, get started using Clair to easily build services that provide continuous monitoring for container vulnerabilities, and learn how to get involved with the development.

Joey Schorr


Joey Schorr is a lead software engineer on the Quay team at CoreOS. Joey cofounded DevTable, a company he started after leaving Google to focus on building a web-based IDE; DevTable was acquired by CoreOS.

Quentin Machu


Quentin Machu is an engineer on the Quay team at CoreOS and a maintainer of the Clair open source project, which scans containers for vulnerabilities. He is passionate about software engineering and distributed systems. Quentin completed an award-winning OpenStack project as part of his master’s in computer engineering.