Clair
Static analysis engine for container images: layer indexing and vulnerability matching against NVD and distro feeds.
Why it is included
Foundational OSS design behind many registry-integrated scanners before “all-in-one” CLIs dominated.
Best for
Registries and platforms embedding image analysis (Harbor, Quay patterns).
Strengths
- API-first
- Layer-aware
- Mature in registry stacks
Limitations
- Operational overhead of running and feeding its vulnerability database; for greenfield deployments, compare features with Trivy and Grype
Good alternatives
Trivy · Grype · Anchore Engine lineage
Related tools
Security & Privacy
Trivy
All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.
Security & Privacy
Grype
Vulnerability scanner for container images and filesystems using Anchore’s vulnerability DB and Syft SBOM input.
Security & Privacy
Syft
CLI and library for generating SBOMs (SPDX, CycloneDX) from images, directories, and archives.
Security & Privacy
Nikto
Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
Security & Privacy
Nuclei
Fast vulnerability scanner driven by YAML templates—used for recon, misconfigs, CVEs, and custom checks at scale.
Security & Privacy
Falco
Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.
