clair
« Back to VersTracker
Description:
Vulnerability Static Analysis for Containers
Type: Formula  |  Latest Version: 4.8.0@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security containers vulnerability-scanning devsecops static-analysis
Install: brew install clair
About:
Clair is an open-source vulnerability static analysis tool for application containers. It identifies security threats in containers by scanning their layers and comparing them against a known vulnerability database. This enables developers and security teams to proactively detect and remediate security issues before deployment.
Key Features:
  • Layer-based vulnerability scanning
  • Integration with container registries
  • API-driven architecture
  • Supports multiple Linux distributions
Use Cases:
  • CI/CD pipeline security gating
  • Container registry auditing
  • DevSecOps vulnerability management
Alternatives:
  • Trivy – Trivy is often considered easier to set up and use for quick scans, while Clair provides a more comprehensive, API-driven solution suitable for enterprise registries.
  • Anchore Engine – Anchore provides policy-based compliance checks in addition to vulnerability scanning, whereas Clair focuses primarily on vulnerability identification.
License: Apache-2.0
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, arm64_ventura, sonoma, ventura, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Oct 10, 2025 3:07am 0 VERSION_BUMP c1fafb85
Sep 12, 2025 7:50pm 0 VERSION_BUMP 999d333b
Oct 9, 2024 10:17pm 0 VERSION_BUMP 158f6ffb
Oct 9, 2024 9:26pm 0 VERSION_BUMP 848ddfe3
« Back to VersTracker  |  Browse Packages  |  About