age
Image should be less than expected days old.
Detailed explanation of rule evaluation and JSON logic.
Max allowed violations for a given severity level.
Image must not contain forbidden environment variables.
Image exposes permitted ports.
All vulnerabilities should be fixed if a patch exists.
Image must provide a Software Bill of Materials.
Image has an acceptable number of layers.
Image must not include components with licenses from the configured blocklist.
Image size is within limits.
OpenSSF Scorecard score is above the threshold.
Image should support multiple platforms.
Playbooks allow you to define your own security policies and customize the structure of your reports. While the Default Playbook covers many best practices, you may want to create a custom one tailored to your organization's specific needs.
Checks if requested image registry domain is in the domains list.
Image must have required OCI labels.
Rules are the evaluation heart of RegiS. Each rule defines a specific condition that the analysis results must satisfy, together with a severity level, interpolated messages, and optional parameters.
This reference lists all built-in rules shipped with RegiS. For a conceptual overview of how rules work, how to override defaults, and how to use rule templates, see Concepts → Rules.
No secrets or credentials should be embedded in the image.
Max allowed issues for a given severity level.
Max allowed violations for a given severity level.
Image tag should not be 'latest'.
Image must not run as root.