Getting Started
regis is designed to be easy to set up and run, whether locally or in a CI/CD environment.
Image Analysis
You can analyze any public container image using the built-in analyzers. By default, regis produces a JSON report on stdout.
Advanced Configuration
For more complex projects, regis can be configured using a dedicated YAML file or environment variables. Configuration lets you customize which analyzers to run and which playbook to evaluate.
Playbook Customisation
Playbooks let you define your own security policies and customise the structure of your reports.
Registry Authentication
To analyze private images, regis needs to authenticate with your container registry. It typically leverages the authentication mechanisms of its underlying analyzers, such as regctl and grype.
Troubleshooting
Missing External Tools
Managing Analyzer Tools
The default regis:latest image is slim — only the regis CLI and regctl are baked in. Scanner binaries (grype, syft, trufflehog, hadolint, dockle) are downloaded on first use to a local cache, verified against pinned sha256s (and cosign signatures when available).
CI/CD Integration