age
Image should be less than expected days old.
Detailed explanation of rule evaluation and JSON logic.
Max allowed violations for a given severity level.
Image must not contain forbidden environment variables.
Image exposes permitted ports.
All vulnerabilities should be fixed if a patch exists.
Image must provide a Software Bill of Materials.
Image has an acceptable number of layers.
Image must not include components with licenses from the configured blocklist.
Image size is within limits.
OpenSSF Scorecard score is above the threshold.
Image should support multiple platforms.
Playbooks let you define your own security policies and customise the structure of your reports.
Checks if requested image registry domain is in the domains list.
Image must have required OCI labels.
Rules are the evaluation heart of RegiS. Each rule defines a specific condition that the analysis results must satisfy, together with a severity level, interpolated messages, and optional parameters. Rules are grouped and evaluated by playbooks, and their results feed into the overall score.
This reference lists all built-in rules shipped with RegiS. For a conceptual overview of how rules work, how to override defaults, and how to use rule templates, see Concepts → Rules.
No secrets or credentials should be embedded in the image.
Max allowed issues for a given severity level.
Max allowed violations for a given severity level.
Image tag should not be 'latest'.
Image must not run as root.