age
Image should be less than expected days old.
Detailed explanation of rule evaluation and JSON logic.
Max allowed violations for a given severity level.
Image must not contain forbidden environment variables.
Image exposes permitted ports.
All vulnerabilities should be fixed if a patch exists.
Image must provide a Software Bill of Materials.
Image has an acceptable number of layers.
Image must not include components with licenses from the configured blocklist.
Image size is within limits.
OpenSSF Scorecard score is above the threshold.
Image must not support forbidden platforms.
Image should support multiple platforms.
Image must support a required set of platforms.
Image must only support allowed platforms.
Playbooks let you define your own security policies and customise the structure of your reports.
Checks if the requested image registry domain is in the domains list.
Image must have required OCI labels.
This reference lists all built-in criteria shipped with Regis. For a conceptual overview of how rules and criteria work, how to override defaults, and how to bind a criterion, see Concepts → Rules and criteria.
Rules are the evaluation heart of Regis. A rule is the policy decision your
No secrets or credentials should be embedded in the image.
Max allowed issues for a given severity level.
Max allowed violations for a given severity level.
Image tag should not be 'latest'.
Image must not run as root.
No verified, active credentials should be embedded in the image.