Version: v0.38.0

Getting Started

regis is designed to be easy to set up and run, whether locally or in a CI/CD environment.

Installation

The easiest way to use regis without managing local dependencies is to use the official Docker image. It comes pre-packaged with regctl, grype, syft, trufflehog, Hadolint, and Dockle.

docker run --rm ghcr.io/trivoallan/regis --help

Local Installation

Prerequisites

The requirements depend on whether you use the Docker image or install the tool locally.

  • Core Requirement:
    • regctl: Essential for multi-architecture registry inspection and metadata extraction.
  • Optional Analyzers:
    • grype: Required for vulnerability (CVE) scanning.
    • syft: Required for SBOM generation.
    • trufflehog: Required for embedded secret detection.
    • Hadolint: Required for Dockerfile linting.
    • Dockle: Required for container image security linting.
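
A preflight check for a local installation, built from the prerequisites list above. This is an added example, not part of the regis project: the function and variable names are hypothetical, and the binary names `hadolint` and `dockle` are assumed to be the lowercase forms of the tool names. It only reports what is on `PATH` and assumes nothing about how regis itself behaves when an analyzer is absent.

```shell
#!/bin/sh
# Added example: preflight check for a local regis installation.
# The tool-to-capability mapping comes from the prerequisites list;
# function names and variable names are hypothetical.

# One "binary:capability" entry per line.
REGIS_REQUIRED="regctl:registry inspection and metadata extraction"
REGIS_OPTIONAL="grype:vulnerability (CVE) scanning
syft:SBOM generation
trufflehog:embedded secret detection
hadolint:Dockerfile linting
dockle:container image security linting"

# Print the binaries from the given list that are not found on PATH.
regis_missing() {
    printf '%s\n' "$1" | while IFS=: read -r bin what; do
        command -v "$bin" >/dev/null 2>&1 || printf '%s\n' "$bin"
    done
}

# Return 0 when the core requirement is present, 1 otherwise.
# Missing optional analyzers are reported on stderr, so a scan with
# reduced coverage is not mistaken for a complete one.
regis_preflight() {
    rc=0
    for bin in $(regis_missing "$REGIS_REQUIRED"); do
        echo "ERROR: $bin not found (core requirement)" >&2
        rc=1
    done
    printf '%s\n' "$REGIS_OPTIONAL" | while IFS=: read -r bin what; do
        command -v "$bin" >/dev/null 2>&1 ||
            echo "WARN: $bin not found, no $what" >&2
    done
    return "$rc"
}

# Usage: regis_preflight && regis analyze alpine:latest --evaluate --html
```

In a CI job, treating any `WARN` line as a failure keeps a runner that lost an analyzer from silently producing reports with less coverage.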

Install the regis CLI from source with uv:

uv tool install git+https://github.com/trivoallan/regis.git

Tip: For developers wanting to contribute to the project, use uv:

uv sync

GitHub Repository Configuration

If you plan to use automated documentation snapshots on a GitHub repository with protected branches, ensure that the "Allow auto-merge" option is enabled in your repository's general settings. This allows the automated workflows to synchronize documentation safely without manual intervention on every update. See the GitHub Actions integration guide for more details.

Your First Analysis

Run your first analysis against a public image to see Regis in action:

regis analyze alpine:latest --evaluate --html

This command:

  • Runs all built-in analyzers against the alpine:latest image
  • Evaluates results against the default playbook
  • Writes a self-contained report.html you can open in any browser

Open the generated report.html to see a compliance score, vulnerability findings, best practice checks, and image metadata. See Scoring to understand how scores are calculated.

Next steps: