📄️ dockle
The dockle analyzer is a container image linter that checks for security issues and best practices using Dockle.
📄️ endoflife
The endoflife analyzer checks the support status of the software in the image using the endoflife.date API.
📄️ freshness
The freshness analyzer tracks the age of a container image and compares it to the latest version.
📄️ hadolint
The hadolint analyzer lints a "pseudo-Dockerfile" reverse-engineered from the image history using Hadolint.
📄️ popularity
The popularity analyzer provides community adoption metrics from public registries.
📄️ provenance
The provenance analyzer checks for SLSA (Supply-chain Levels for Software Artifacts) provenance and build attestations.
📄️ sbom
The sbom analyzer generates a Software Bill of Materials (SBOM) for container images using Trivy.
📄️ scorecarddev
The scorecarddev analyzer fetches OpenSSF Scorecard security assessments for the image source repository.
📄️ size
The size analyzer provides a detailed breakdown of an image's compressed size.
📄️ skopeo
The skopeo analyzer fetches image metadata and platform details using the Skopeo CLI.
📄️ trivy
The trivy analyzer scans container images for vulnerabilities and secrets using the Trivy CLI.
📄️ versioning
The versioning analyzer detects and classifies the tag naming patterns used by a repository.