Updates Clair docs for new feature (quay#1260)

Co-authored-by: Steven Smith <[email protected]>

Author: stevsmit

modules/clair-openshift-airgap-database-standalone.adoc

@@ -47,16 +47,17 @@ $ oc port-forward -n quay-enterprise service/example-registry-clair-postgres 543
 ----
 indexer:
     connstring: host=localhost port=5432 dbname=postgres user=postgres password=postgres sslmode=disable <1>
-    scanlock_retry: 10
     layer_scan_concurrency: 5
     migrations: true
+    scanlock_retry: 10
+    airgap: true
     scanner:
       repo:
         rhel-repository-scanner: <2>
-          repo2cpe_mapping_file: /data/cpe-map.json
+          repo2cpe_mapping_file: /data/repository-to-cpe.json
       package:
         rhel_containerscanner: <3>
-          name2repos_mapping_file: /data/repo-map.json
+          name2repos_mapping_file: /data/container-name-repos-map.json
 ----
 <1> Replace the value of the `host` in the multiple `connstring` fields with `localhost`.
 <2> For more information about the `rhel-repository-scanner` parameter, see "Mapping repositories to Common Product Enumeration information".

modules/clair-openshift-airgap-database.adoc

@@ -47,16 +47,17 @@ $ oc port-forward -n quay-enterprise service/example-registry-clair-postgres 543
 ----
 indexer:
     connstring: host=localhost port=5432 dbname=postgres user=postgres password=postgres sslmode=disable <1>
-    scanlock_retry: 10
     layer_scan_concurrency: 5
     migrations: true
+    scanlock_retry: 10
+    airgap: true
     scanner:
       repo:
         rhel-repository-scanner: <2>
-          repo2cpe_mapping_file: /data/cpe-map.json
+          repo2cpe_mapping_file: /data/repository-to-cpe.json
       package:
         rhel_containerscanner: <3>
-          name2repos_mapping_file: /data/repo-map.json
+          name2repos_mapping_file: /data/container-name-repos-map.json
 ----
 <1> Replace the value of the `host` in the multiple `connstring` fields with `localhost`.
 <2> For more information about the `rhel-repository-scanner` parameter, see "Mapping repositories to Common Product Enumeration information".

modules/mapping-repositories-to-cpe-information.adoc

@@ -11,7 +11,7 @@
 Currently, mapping repositories to Common Product Enumeration information is not supported on IBM Power and IBM Z.
 ====
 
-Clair's {rhel} scanner relies on a Common Product Enumeration (CPE) file to map RPM packages to the corresponding security data to produce matching results. These files are owned by product security and updated daily.
+Clair's {rhel} scanner relies on a Common Product Enumeration (CPE) file to map RPM packages to the corresponding security data to produce matching results. Red{nbsp}Hat Product Security maintains and regularly updates these files.
 
 The CPE file must be present, or access to the file must be allowed, for the scanner to properly process RPM packages. If the file is not present, RPM packages installed in the container image will not be scanned.
 
@@ -23,11 +23,12 @@ The CPE file must be present, or access to the file must be allowed, for the sca
 | `names2repos` | link:https://access.redhat.com/security/data/metrics/container-name-repos-map.json[Red Hat Name-to-Repos JSON].
 |===
 
-In addition to uploading CVE information to the database for disconnected Clair installations, you must also make the mapping file available locally:
+By default, Clair's indexer includes the `repos2cpe` and `names2repos` data files within the Clair container. This means that you can reference `/data/repository-to-cpe.json` and `/data/container-name-repos-map.json` in your `clair-config.yaml` file without the need for additional configuration. 
 
-* For standalone {productname} and Clair deployments, the mapping file must be loaded into the Clair pod.
-
-* For {productname-ocp} deployments, you must set the Clair component to `unmanaged`. Then, Clair must be deployed manually, setting the configuration to load a local copy of the mapping file.
+[IMPORTANT]
+====
+Although Red{nbsp}Hat Product Security updates the `repos2cpe` and `names2repos` files regularly, the versions included in the `Clair` container are only updated with {productname} releases (for example, version 3.14.1 -> 3.14.2). This can lead to discrepancies between the latest CPE files and those bundled with Clair."
+====
 
 [id="mapping-repositories-to-cpe-configuration"]
 == Mapping repositories to Common Product Enumeration example configuration
@@ -37,13 +38,13 @@ Use the `repo2cpe_mapping_file` and `name2repos_mapping_file` fields in your Cla
 [source,yaml]
 ----
 indexer:
- scanner:
+  scanner:
     repo:
       rhel-repository-scanner:
-        repo2cpe_mapping_file: /data/cpe-map.json
+        repo2cpe_mapping_file: /data/repository-to-cpe.json
     package:
       rhel_containerscanner:
-        name2repos_mapping_file: /data/repo-map.json
+        name2repos_mapping_file: /data/container-name-repos-map.json
 ----
 
 For more information, see link:https://www.redhat.com/en/blog/how-accurately-match-oval-security-data-installed-rpms[How to accurately match OVAL security data to installed RPMs].

modules/rn_3_14_0.adoc

@@ -27,6 +27,13 @@ The following documentation changes have been made with the {productname} 3.14 r
 
 The following updates have been made to {productname}.
 
+[id="clair-enhancements"]
+=== Clair enhancements
+
+With this release, Clair indexer data is now included with downstream builds. This allows {productname} administrators to more easily reference indexers in the `clair-config.yaml` file when running Clair in an air-gapped or disconnected environment.
+
+For more information, see . . 
+
 [id="model-card-rendering"]
 === Model card rendering on the v2 UI