Updaters and Defaults

The default updaters are tracked in updater/defaults/defaults.go.

HTTP Resources

The following are the HTTP hosts and paths that Clair will attempt to talk to in a default configuration. This list is non-exhaustive, as some servers will issue redirects and some request URLs are constructed dynamically.

https://secdb.alpinelinux.org/
http://repo.us-west-2.amazonaws.com/2018.03/updates/x86_64/mirror.list
https://cdn.amazonlinux.com/2/core/latest/x86_64/mirror.list
https://cdn.amazonlinux.com/al2023/core/mirrors/latest/x86_64/mirror.list
https://deb.debian.org/
https://security-tracker.debian.org/tracker/data/json
https://nvd.nist.gov/feeds/json/cve/1.1/
https://linux.oracle.com/security/oval/com.oracle.elsa-*.xml.bz2
https://packages.vmware.com/photon/photon_oval_definitions/
https://security.access.redhat.com/data/metrics/cvemap.xml
https://access.redhat.com/security/cve/
https://security.access.redhat.com/data/oval/v2/PULP_MANIFEST
https://security.access.redhat.com/data/csaf/v2/vex/
https://ftp.suse.com/pub/projects/security/oval/
https://api.launchpad.net/1.0/
https://security-metadata.canonical.com/oval/com.ubuntu.*.cve.oval.xml
https://osv-vulnerabilities.storage.googleapis.com/

Claircore Documentation

Updaters and Defaults

HTTP Resources