15 docs tagged with "analyzers"

For more complex projects, regis-cli can be configured using a dedicated YAML file or environment variables.

regis-cli uses a pluggable architecture where separate Analyzers are responsible for extracting specific types of data from container images or their build artifacts.

The dockle analyzer is a container image linter that checks for security issues and best practices using Dockle.

The endoflife analyzer checks the support status of the software in the image using the endoflife.date API.

The freshness analyzer tracks the age of a container image and compares it to the latest version.

The hadolint analyzer lints a "pseudo-Dockerfile" reverse-engineered from the image history using Hadolint.

You can analyze any public container image. By default, regis-cli produces a JSON report on stdout.

The popularity analyzer provides community adoption metrics from public registries.

The provenance analyzer checks for SLSA (Supply-chain Levels for Software Artifacts) provenance and build attestations.

The sbom analyzer generates a Software Bill of Materials (SBOM) for container images using Trivy.

The scorecarddev analyzer fetches OpenSSF Scorecard security assessments for the image source repository.

The size analyzer provides a detailed breakdown of an image's compressed size.

The skopeo analyzer fetches image metadata and platform details using the Skopeo CLI.

The trivy analyzer scans container images for vulnerabilities and secrets using the Trivy CLI.

The versioning analyzer detects and classifies the tag naming patterns used by a repository.