The "Clair" security scanner

CoreOS has announcedthe release of a container-security tool called Clair. "Clair scanseach container layer and provides a notification of vulnerabilities thatmay be a threat, based on the Common Vulnerabilities and Exposures database(CVE) and similar databases from Red Hat, Ubuntu, and Debian. Since layerscan be shared between many containers, introspection is vital to build aninventory of packages and match that against known CVEs."