Clair vs Microcontainers: What are the differences?
Developers describe Clair as "Open Source Vulnerability Analysis for your Containers". Clair is a container vulnerability analysis service by CoreOS. It provides the list of vulnerabilities that threaten each container and can send notifications whenever new vulnerabilities that affect existing containers are released. On the other hand, Microcontainers is detailed as "Tiny, Portable Docker Containers". A Microcontainer contains only the OS libraries and language dependencies required to run an application and the application itself. Nothing more. Rather than starting with everything but the kitchen sink, start with the bare minimum and add dependencies on an as-needed basis.
Clair and Microcontainers belong to the "Container Tools" category of the tech stack.
Some of the features offered by Clair are:
- api defines how users interact with Clair and exposes a documented HTTP API.
- worker extracts useful information from layers and stores everything in the database.
- updater periodically updates Clair's vulnerability database from known vulnerability sources.
On the other hand, Microcontainers provides the following key features:
- Size — MicroContainers are small. Without changing any code, the image is 22 times smaller than a typical image.
- Fast/Easy Distribution — Because the size is so much smaller, it’s much quicker to download the image from a Docker registry (e.g., Docker Hub) and therefore it can be distributed to different machines much quicker.
- Improved Security — Less code and fewer programs in the container mean less attack surface. And, the base OS can be more secure.
Clair and Microcontainers are both open source tools. It seems that Clair, with 5.41K GitHub stars and 696 forks on GitHub, has more adoption than Microcontainers, with 1.56K GitHub stars and 137 GitHub forks.