Overview
RegiS CLI includes several built-in analyzers that extract specific data from container images.
cve
The cve analyzer scans container images for vulnerabilities (CVEs) using the grype CLI.
dockle
The dockle analyzer is a container image linter that checks for security issues and best practices using Dockle.
endoflife
The endoflife analyzer checks the support status of the software in the image using the endoflife.date API.
freshness
The freshness analyzer tracks the age of a container image and compares it to the latest version.
hadolint
The hadolint analyzer lints a "pseudo-Dockerfile" reverse-engineered from the image history using Hadolint.
oci
The oci analyzer fetches image metadata and platform details using the regctl CLI.
popularity
The popularity analyzer provides community adoption metrics from public registries.
provenance
The provenance analyzer checks for SLSA (Supply-chain Levels for Software Artifacts) provenance and build attestations.
sbom
The sbom analyzer generates a Software Bill of Materials (SBOM) for container images using syft.
scorecarddev
The scorecarddev analyzer fetches OpenSSF Scorecard security assessments for the image source repository.
secrets
The secrets analyzer scans container images for embedded secrets and credentials using the TruffleHog CLI.
size
The size analyzer provides a detailed breakdown of an image's compressed size.
versioning
The versioning analyzer detects and classifies the tag naming patterns used by a repository.