CoreOS is shooting to make it easier to secure open source containers on Linux by releasing Clair, a tool that checks containers for security vulnerabilities, to the open source community.

CoreOS offers a Linux distribution tailored for massive deployments in the cloud and datacenter. The project says it hopes Clair will make it easier for administrators to ensure that the apps they run in containers on CoreOS, as well as other versions of GNU/Linux, are safe from bugs that could compromise data or create other security intrusions.

“Using Clair, you can easily build services that provide continuous monitoring for container vulnerabilities,” the project explained in announcing the Clair launch. “CoreOS believes tools that improve the security of the world’s infrastructure should be available for all users and vendors, so we made the project open source.”

Clair’s methodology is fairly straightforward. The tool scans container packages and compares the information it finds with databases of known security vulnerabilities. The tool automatically rescans containers when new vulnerabilities are announced.

CoreOS emphasizes that Clair is currently not sufficiently sophisticated to determine whether a known vulnerability in a container layer can actually be exploited based on the particular conditions under which the container is running. The tool also doesn’t attempt to identify security vulnerabilities that are not yet publicly documented, which is a much more complex affair than matching information in security databases.

For these reasons, Clair is not a complete replacement for human beings who monitor software for security issues. But it does much to help automate the process, which is important as containers based on systems like Docker surge in popularity.