diff --git a/Dockerfile b/Dockerfile
index 83769199d27eaca96668313a39f8a2db3ed0eb8f..436d1ffbb403719031bbd8aeb5c6a6c36b07cd35 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
 ARG BASE_TAG=8.4
 
-FROM quay.io/coreos/clair:v4.1.1 as base
+FROM quay.io/coreos/clair:v4.1.2 as base
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 482c7b947e4987f77a2dddc09bda5ba50a1e4801..c4e12f8936ef9f04a43816d2b22137483938b7c1 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "opensource/quay/clair"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "v4.1.1"
+- "v4.1.2"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
@@ -27,7 +27,7 @@ labels:
   org.opencontainers.image.url: "https://github.com/quay/clair"
   # Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Red Hat"
-  org.opencontainers.image.version: "v4.1.1"
+  org.opencontainers.image.version: "v4.1.2"
   # Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "security,scanning,container"
   # This value can be "opensource" or "commercial"
@@ -37,8 +37,8 @@ labels:
 
 # List of resources to make available to the offline build context
 resources:
-- tag: quay.io/coreos/clair:v4.1.1
-  url: docker://quay.io/coreos/clair@sha256:fe4b5f32b8bbc6f4ba276d441e4aaf57bbf6e55092e5f4497f8767aa65fc7c4a
+- tag: quay.io/coreos/clair:v4.1.2
+  url: docker://quay.io/coreos/clair@sha256:e4667dcbe275cf6cd40720f4d2903685f8b3825af20987e4233d658b4080ccc4
 - filename: musl.tar.gz
   url: https://musl.libc.org/releases/musl-1.2.0.tar.gz
   validation: