Skip to main content
Version: v0.24.0

What's New

A summary of new features and improvements in each release of regis. For the complete list of changes, see the full changelog.

v0.23.7 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

🐛 Bug Fixes

  • build: pin tailwindcss to v3 and ignore v4 Dependabot bumps (#164)

📚 Documentation

  • Update documentation reference and snapshots (#163)

v0.23.6 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

📚 Documentation

  • Update documentation reference and snapshots (#161)

v0.23.5 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

🐛 Bug Fixes

  • docs: resolve Docusaurus broken links and anchor warnings (#159)
  • docs: revert versioned_docs additions and add release snapshot workflow (#160)

📚 Documentation

  • Update documentation reference and snapshots (#157)

v0.23.4 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

🐛 Bug Fixes

  • build: use pnpm direct install and sync serialize-javascript override (#155)

v0.23.3 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

🐛 Bug Fixes

  • build: install corepack before enabling pnpm in Dockerfile (#153)

v0.23.2 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

🐛 Bug Fixes

  • build: regenerate pnpm lockfile after Dependabot bumps (#149)

v0.23.1 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

🐛 Bug Fixes

  • ci: remove coverage badge direct push to main (#147)

v0.23.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

✨ Features

  • ci: add auto-rebase and auto-merge workflows for PRs (#115)
  • ci: auto-rebase Dependabot PRs via @dependabot rebase comment (#140)
  • ci: skip schema/rules doc generation when source unchanged (#139)

🐛 Bug Fixes

  • ci: fall back to github.token when App secrets unavailable (dependabot PRs) (#137)
  • ci: remove broken @dependabot rebase comment approach (#142)
  • ci: revert actions/create-github-app-token to v1 in docs-publish workflow (#106)
  • ci: skip auto-merge for release-please PRs (#144)
  • ci: use GitHub App token for Trunk auto-commit to trigger new workflow runs (#108)
  • ci: use personal_token for peaceiris/actions-gh-pages in docs-publish (#113)
  • ci: use pull_request_target so auto-merge works on Dependabot PRs (#143)
  • Update GitHub App ID secret reference in docs-publish workflow
  • Update GitHub App private key secret reference in docs-publish workflow

🔧 Reverts

📚 Documentation

  • Add CI/CD gotchas for Dependabot, Release Please, and auto-rebase
  • ci: update memory bank with GitHub Actions auth unification (#114)
  • Snapshot versioned docs for v0.22.0
  • Update documentation reference and snapshots (#103)
  • Update documentation reference and snapshots (#107)
  • Update documentation reference and snapshots (#109)
  • Update documentation reference and snapshots (#110)
  • Update documentation reference and snapshots (#112)
  • Update documentation reference and snapshots (#116)
  • Update documentation reference and snapshots (#118)
  • Update documentation reference and snapshots (#135)

v0.22.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

✨ Features

  • Enable single report viewing by adding support for direct report JSON loading and automatic manifest redirection
  • viewer: add status calculation to archive store and implement status filtering in report viewer

📚 Documentation

  • Snapshot versioned docs for v0.21.0

v0.21.0 — March 30, 2026

Highlights

fix(build): regenerate pnpm lockfile after Dependabot bumps (#149)

  • Regenerates pnpm-lock.yaml to sync with apps/report-viewer/package.json after Dependabot bumped @types/react, @types/react-dom, tailwindcss, and typescript
  • Fixes frozen-lockfile CI failure in the Publish Viewer workflow

🤖 Generated with Claude Code

test(cli): enforce 90% unit test coverage permanently (#146)

  • Threshold enforced: pytest now fails automatically if coverage drops below 90% (--cov-fail-under=90 in addopts), blocking any PR via the required CI status check.
  • Coverage bridged: 21 targeted new tests to go from 86% → 90.02% (330 tests, 0 failing).
  • Badge + report: genbadge generates coverage-badge.svg in CI; the badge is auto-committed on main and the htmlcov/ artifact is uploaded on every run.

Add What's New documentation page with auto-generation from changelog (#145)

Introduces an automated "What's New" documentation page that summarizes new features and improvements for each release of regis. The page is generated from the CHANGELOG.md and optionally enriched with PR highlights from GitHub.

✨ Features

  • analyzer/endoflie: enhance EndOfLifeSection to display detailed cycle information and prune report.json data
  • analyzer/versioning: improve tag classification and expose digest aliases (#97)
  • ci: isolate viewer publication in dedicated workflow
  • cli: add viewer serve and export commands (#99)
  • cli: run initial regis image analysis during bootstrap archive
  • Prevent concurrent use of --site and --archive and skip template rendering when archiving
  • report: implement dynamic archive loading and build robustness (#98)
  • report: load report from a custom URL via query parameter (#94)
  • template: implement two-pass sync to add new files from working directory to template
  • templates: implement comprehensive dashboard components and reporting UI for container analysis

🐛 Bug Fixes

  • analyzer/skopeo: filter out unknown platform entries in SkopeoSection
  • ci: build viewer assets before exporting to static site
  • Upgrade Python to 3.13, harden Dockerfile, mock EOL analyzer tests, and add main branch analysis to docs workflow

v0.20.0 — March 21, 2026

✨ Features

  • Add trunk check commands, introduce the --sync-from option for bootstrap archive, and document the archive UI customization workflow.
  • analyzer/sbom: Add license-blocklist rule for invasive open source license detection (#83)
  • cli: Add bootstrap archive --sync-from to sync UI changes back to template (#90)
  • cli: Run analyzers in parallel with ThreadPoolExecutor (#84)
  • docs: Add two-version documentation (main-dev + vX.Y.Z) (#87)

🐛 Bug Fixes

  • ci: Fix Trunk auto-format workflow to avoid stale SHA issue (#86)
  • playbook: Remove duplicate rules when templates are instantiated by playbook (#89)
  • Update the yaml-language-server schema path in the default playbook.

📚 Documentation

  • Add licensing tag and correct relative path in archive-repo documentation.
  • archive: rename "Archive Repo Setup" to "Archive Repository"
  • Delete versioned documentation and update the reports concept page.
  • docs: Redesign homepage with feature cards and report preview gallery (#88)
  • Improve CLAUDE.md with commands, architecture, and key patterns (#85)
  • Update CLAUDE.md with CLI module split, test patch targets, and trunk hooks

v0.19.0 — March 21, 2026

✨ Features

  • Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
  • Add --theme option for HTML report generation and ignore the /reports directory
  • Add Dockerfile and GitHub Actions workflow for building and publishing regis Docker images.
  • Add domain-trusted scorecard
  • Add extensive test coverage for analyzers and core components, integrate Ruff linter, and refine Skopeo schema.
  • Add GitHub Actions workflows for Super-Linter and automated releases.
  • Add Hadolint analyzer to lint Dockerfiles and display results.
  • Add initial HTML report for image health scores generated by regis.
  • Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
  • Add support for multiple output formats and templated output paths for the run command.
  • Add support for passing metadata via CLI to reports and update report schema.
  • Add support for templated links in scorecards and reports
  • Add time formatting and recursive metadata rendering to improve report request details display.
  • Add user and digest extraction and display to Skopeo image analysis.
  • Add variant detection and reporting to the versioning analyzer
  • analyzer/dockle: add Dockle analyzer for container image security and best practices linting with supporting schema, tests, and documentation.
  • analyzer/size: add layer digest to the size analysis output for individual layers
  • analyzer/versioning: implement digest-based reporting and release lines hierarchy (#21)
  • analyzers: Enable private registry authentication for Trivy-based analyzers and update documentation.
  • analyzers: Reusable rules and simplified rule slugs (#63)
  • archive-repo: Update CI/CD workflows, modify CLI logic, and adjust bootstrap tests.
  • bootstrap: Add bootstrap archive --repo command for automated archive site deployment to GitHub/GitLab Pages.
  • ci: Add a configurable playbook URL input to GitLab CI/CD.
  • ci: add OCI image labels to Dockerfile (#39)
  • ci: add standard OCI annotations to Dockerfile (#43) (#40)
  • ci: allow Docker authentication to prevent rate limits (#45)
  • ci: automate trunk fmt and auto-commit in CI (#48)
  • ci: implement gitlab subcommand for CI workflow (#18)
  • ci: introduce GitLab CI workflow for image analysis with MR-driven triggers and review app deployments.
  • ci: make regis image version configurable in generated GitLab CI.
  • ci: migrate linting to trunk and add mypy/hadolint (#29)
  • cli/bootstrap: display post-install notes after bootstrap (#52)
  • cli: Add CLI command to check image manifest accessibility. Use it to prevent bogus requests.
  • cli: add evaluate command for dry-run evaluation of playbooks (#25)
  • cli: add rules list command and improve evaluator
  • cli: Implement generate command with cookiecutter for project scaffolding and update project templates.
  • cli: Implement a CLI version command, refactor importlib.metadata imports, and update tests and GitLab CI artifact handling.
  • cli: refactor generate to bootstrap command group (#28)
  • Configure Antora Mermaid extension with a specific library URL and script stem.
  • cookiecutter: integrate GitHub Actions metadata into analysis reports for improved traceability and remove unused scorecard levels.
  • cookiecutter: introduce Cookiecutter template for bootstrapping new image analysis projects with documentation, workflows, and default scorecards.
  • cookiecutter: Introduce Cookiecutter template for project bootstrapping and add its comprehensive usage guide, refining the template's analysis workflow input.
  • Display structured analyzer errors in the UI and store them in reports.
  • doc: Add 'Get Started' and 'Understand Playbooks' documentation pages and update navigation.
  • docs: initialize Antora documentation
  • Dynamically set cookiecutter image URL and simplify release-please extra-files configuration.
  • Embed regis version in analysis reports and update cookiecutter image URLs.
  • Enhance default playbook overview with new recommendation and compliance widgets and update widget styling.
  • Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
  • Enhance report output with per-scorecard HTML files, slug support, and improved file writing logic.
  • Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
  • Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
  • gitlab: append review checklist from report.json to merge request descriptions and unquote $REGIS_CLI_IMAGE in CI.
  • Implement conditional widget rendering, add new widget styling options including alignment and subvalues, and introduce new CSS for recommendations and header elements.
  • Implement flexible registry credential resolution via new --auth CLI option and dedicated module
  • Implement Playbook Tiers, Dynamic Badges and restore multi-page reporting (#56)
  • Implement registry authentication using environment variables and add new tests.
  • Initialize regis project with image analysis, scorecard engine, schema validation, and comprehensive project setup.
  • Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
  • Introduce new HTML report structure and styling with updated templates and CSS.
  • Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
  • Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
  • Introduce scorecard pages to group sections and add new size and versioning analyzers.
  • Introduce section-based scorecards with a new schema and remove the dependency analyzer.
  • playbook: add support for multiple titled GitLab MR description checklists with backward compatibility.
  • playbook: Enhance GitLab MR checklist items with show_if and check_if conditions.
  • playbook: Implement GitLab MR description checklist feature for custom compliance checks.
  • playbook: Implement named addressing for playbook pages and sections
  • playbook: integrate Dockle security analysis with a new policy, dedicated UI, and updated documentation.
  • playbook: Introduce configurable additional MR content generation from templates
  • playbooks: Add support for loading playbooks from remote URLs and update cookiecutters to utilize this feature.
  • Refactor cookiecutter templates to support both GitHub and GitLab platforms with dedicated CI configurations and documentation.
  • Refine scorecard reporting by updating schemas, engine logic, templates, and removing old report files.
  • Render error cards for all unhandled analyzer errors in the report
  • Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
  • report: archive store and standalone archive viewer cookiecutter (#74)
  • report: Embed regis version into analysis reports and schema
  • report: implement docusaurus report viewer (#68)
  • report: overhaul report viewer UI with Tremor components (#70)
  • reports: Implement automatic versioning of analysis reports in GitLab CI and document its configuration.
  • review: enhance GitLab CI report delivery by committing to reports/, posting direct links to MR comments, and updating documentation.
  • review: enhance GitLab CI/CD to specify output filename, run site generation on the default branch, and dynamically configure Pages deployments for review apps and main branch, while updating the project backlog.
  • review: Expose analysis reports as Merge Request artifacts instead of deploying to Review Apps and update documentation accordingly.
  • review: Implement and document a self-service analysis workflow in GitLab CI, including optional report commits to the branch and dynamic Review App links.
  • review: Introduce automated GitLab MR labeling and conditional playbook links based on analysis outcomes.
  • review: use GitLab API for merge request creation to enable setting reviewers and assignees, and add curl dependency.
  • Set default output directory template to include the tag.
  • Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
  • ui: Implement a new report rendering engine with a sidebar layout and dedicated pages for various analysis results.
  • ui: Introduce new analyzer display templates and enhance the playbook engine to support section widgets.

🐛 Bug Fixes

  • Add step to re-checkout merge ref for pull requests in the Trunk workflow.
  • analyzers: Expose analyzer results at the root of the scorecard evaluation context and update default Trivy rules.
  • analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.
  • analyzer: standardize rule names and fix analyzer validation (#62)
  • build: install git in Dockerfile
  • ci: add workflow_dispatch trigger and refine tag matching for Docker publish workflow.
  • ci: configure releaser-pleaser action with release token
  • ci: Fix broken Publish Documentation workflow
  • ci: fix trunk fmt conflict and resolve HTML syntax errors
  • ci: Reorder documentation generation steps in the CI workflow and enhance the Docusaurus report builder with improved build commands and dependency checks.
  • ci: robust auto-formatting and protected branch handling (#51)
  • ci: Update Python version to 3.14 in test workflow.
  • cli: resolve bootstrap command failure in Docker image (#46)
  • Correct malformed versions.json and add a workflow step to validate and reset it if corrupted.
  • Correct relative path for the "Understand Playbooks" guide link in the default playbook overview.
  • docker: address permission denied errors in Docker by setting user UID/GID, ensuring directory writability, and adding a report output fallback.
  • docker: Resolve Docker container permission issues by creating a home directory for the regis user and setting report directory permissions, and update the analysis workflow.
  • docs: Add base URL configuration for Docusaurus reports and update workflow output directory.
  • docs: corrupted versions.json
  • gitlab: Fix report generation path
  • gitlab: Improve GitLab CI report path handling
  • Prevent AttributeError in scorecard link processing by adding type checks and update regis workflow flags to long form.
  • Remove --force from Docusaurus versioning in CI and correct versions.json format.
  • Remove redundant entries from versions.json.
  • Resolve Trunk Check HEAD^2 error by adjusting git checkout depth and auto-commit logic in the lint workflow.
  • schema: add missing fields to trivy schema and fix id resolution
  • template: add missing format_number Jinja2 filter
  • Trunk pipeline
  • Versions...

📚 Documentation

  • Add a comprehensive architectural overview, update documentation structure, and refine the GitLab CI template.
  • Add and update generated static assets and reports for regis and alpine playbook examples.
  • Add documentation for the default playbook, detailing its rules and report organization, and link it in the navigation.
  • Add new example report assets and update documentation pages.
  • Add script to generate example reports and update documentation with new report data and publishing workflow.
  • Add workflow step to generate rules reference documentation.
  • architecture: add C4 Context and Container diagrams to architecture overview (#24)
  • Change Docusaurus broken link handling from throw to warn.
  • commitmessages: add Google Blockly commit style guide link
  • Configure Antora to generate a documentation website for each release
  • Enable local search and fix broken links (#60)
  • Enhance GitHub Actions and GitLab CI integration guides with comprehensive examples, CI metadata, and deployment to respective pages services.
  • Enhance Python, CI/CD, commit message, and documentation rules with new tools, scope definitions, and process clarifications.
  • gitlab-workflow: add section on GitLab Review Apps for Premium/Ultimate tiers with CI/CD configuration example
  • Implement dynamic documentation versioning and cleanup (#58)
  • Implemented automated generation of schema documentation and integrate it into the Antora build workflow.
  • integrations: group GitLab and GitHub documentation into Integrations section (#22)
  • integrations: restructure integration sub-chapter and add cookiecutter tips (#23)
  • Migrate documentation from Antora to Docusaurus (#57)
  • Modernize getting started and project generation guides (#26)
  • Overhaul rules documentation by separating concepts from reference, introducing MDX for detailed rule listings, and updating the rules engine explanation.
  • playbook: Document GitLab MR checklists with conditional display and pre-checking based on analysis results.
  • playbook: explain how to use bootstrap playbook in documentation (#30)
  • README: redesign README.md and update report preview (#32)
  • Refine project description and branding (#37)
  • Refine usage and concepts documentation
  • Remove old versioned documentation, reorganize current docs, and introduce a new CLI reference.
  • Restructure documentation and update index
  • rules: add commit message guidelines and refine CI/CD semantic versioning and conventional commit references.
  • Standardize rule documentation and add concept tags (#61)
  • ui: enable mermaid diagram rendering
  • ui: use correct mermaid extension package
  • ui: use correct mermaid extension package in playbook
  • Update TIP block formatting in playbooks and add documentation versioning and CLI control to notes.
  • versioning: setup docusaurus versioning and generate reference docs
  • website: fix configuration reload errors

v0.18.1 — March 21, 2026

📚 Documentation

  • Add and update generated static assets and reports for regis and alpine playbook examples.

v0.18.0 — March 21, 2026

✨ Features

  • report: implement docusaurus report viewer (#68)
  • report: overhaul report viewer UI with Tremor components (#70)

🐛 Bug Fixes

  • ci: Reorder documentation generation steps in the CI workflow and enhance the Docusaurus report builder with improved build commands and dependency checks.

v0.17.4 — March 20, 2026

🐛 Bug Fixes

  • Versions...

v0.17.3 — March 20, 2026

🐛 Bug Fixes

  • docs: corrupted versions.json
  • Trunk pipeline

v0.17.2 — March 20, 2026

🐛 Bug Fixes

  • Correct malformed versions.json and add a workflow step to validate and reset it if corrupted.

v0.17.1 — March 20, 2026

🐛 Bug Fixes

  • Add step to re-checkout merge ref for pull requests in the Trunk workflow.
  • Remove --force from Docusaurus versioning in CI and correct versions.json format.

v0.17.0 — March 20, 2026

✨ Features

  • analyzers: Reusable rules and simplified rule slugs (#63)
  • cli: add rules list command and improve evaluator

🐛 Bug Fixes

  • analyzer: standardize rule names and fix analyzer validation (#62)
  • Correct relative path for the "Understand Playbooks" guide link in the default playbook overview.
  • Remove redundant entries from versions.json.
  • schema: add missing fields to trivy schema and fix id resolution

📚 Documentation

  • Add workflow step to generate rules reference documentation.
  • Change Docusaurus broken link handling from throw to warn.
  • Enable local search and fix broken links (#60)
  • Overhaul rules documentation by separating concepts from reference, introducing MDX for detailed rule listings, and updating the rules engine explanation.
  • Refine usage and concepts documentation
  • Remove old versioned documentation, reorganize current docs, and introduce a new CLI reference.
  • Restructure documentation and update index
  • Standardize rule documentation and add concept tags (#61)
  • versioning: setup docusaurus versioning and generate reference docs
  • website: fix configuration reload errors

v0.16.0 — March 20, 2026

✨ Features

  • ci: automate trunk fmt and auto-commit in CI (#48)
  • cli/bootstrap: display post-install notes after bootstrap (#52)
  • Implement Playbook Tiers, Dynamic Badges and restore multi-page reporting (#56)

🐛 Bug Fixes

  • ci: fix trunk fmt conflict and resolve HTML syntax errors
  • ci: robust auto-formatting and protected branch handling (#51)
  • ci: Update Python version to 3.14 in test workflow.
  • cli: resolve bootstrap command failure in Docker image (#46)
  • Resolve Trunk Check HEAD^2 error by adjusting git checkout depth and auto-commit logic in the lint workflow.

📚 Documentation

  • Implement dynamic documentation versioning and cleanup (#58)
  • Migrate documentation from Antora to Docusaurus (#57)

v0.15.0 — March 11, 2026

✨ Features

  • ci: add OCI image labels to Dockerfile (#39)
  • ci: add standard OCI annotations to Dockerfile (#43) (#40)
  • ci: allow Docker authentication to prevent rate limits (#45)

v0.14.2 — March 5, 2026

📚 Documentation

  • Refine project description and branding (#37)

v0.14.1 — March 5, 2026

📚 Documentation

  • README: redesign README.md and update report preview (#32)

v0.14.0 — March 5, 2026

✨ Features

  • ci: migrate linting to trunk and add mypy/hadolint (#29)
  • cli: refactor generate to bootstrap command group (#28)

📚 Documentation

  • Modernize getting started and project generation guides (#26)
  • playbook: explain how to use bootstrap playbook in documentation (#30)

v0.13.0 — March 5, 2026

✨ Features

  • analyzer/versioning: implement digest-based reporting and release lines hierarchy (#21)
  • ci: implement gitlab subcommand for CI workflow (#18)

📚 Documentation

  • architecture: add C4 Context and Container diagrams to architecture overview (#24)
  • integrations: group GitLab and GitHub documentation into Integrations section (#22)
  • integrations: restructure integration sub-chapter and add cookiecutter tips (#23)

v0.12.0 — March 5, 2026

✨ Features

  • playbook: add support for multiple titled GitLab MR description checklists with backward compatibility.

🐛 Bug Fixes

  • gitlab: Improve GitLab CI report path handling
  • template: add missing format_number Jinja2 filter

v0.11.0 — March 5, 2026

✨ Features

  • cli: Add CLI command to check image manifest accessibility. Use it to prevent bogus requests.
  • playbook: Introduce configurable additional MR content generation from templates

📚 Documentation

  • playbook: Document GitLab MR checklists with conditional display and pre-checking based on analysis results.

v0.10.0 — March 4, 2026

✨ Features

  • analyzer/size: add layer digest to the size analysis output for individual layers
  • ci: Add a configurable playbook URL input to GitLab CI/CD.
  • ci: make regis image version configurable in generated GitLab CI.
  • gitlab: append review checklist from report.json to merge request descriptions and unquote $REGIS_CLI_IMAGE in CI.
  • playbook: Enhance GitLab MR checklist items with show_if and check_if conditions.

🐛 Bug Fixes

  • gitlab: Fix report generation path

v0.9.0 — March 4, 2026

✨ Features

  • playbook: Implement GitLab MR description checklist feature for custom compliance checks.

🐛 Bug Fixes

  • ci: Fix broken Publish Documentation workflow

v0.8.0 — March 4, 2026

✨ Features

  • analyzer/dockle: add Dockle analyzer for container image security and best practices linting with supporting schema, tests, and documentation.
  • playbook: Implement named addressing for playbook pages and sections
  • playbook: integrate Dockle security analysis with a new policy, dedicated UI, and updated documentation.

📚 Documentation

  • Add script to generate example reports and update documentation with new report data and publishing workflow.
  • Configure Antora to generate a documentation website for each release
  • Implemented automated generation of schema documentation and integrate it into the Antora build workflow.

v0.7.0 — February 23, 2026

✨ Features

  • Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
  • Add --theme option for HTML report generation and ignore the /reports directory
  • Add Dockerfile and GitHub Actions workflow for building and publishing regis Docker images.
  • Add domain-trusted scorecard
  • Add extensive test coverage for analyzers and core components, integrate Ruff linter, and refine Skopeo schema.
  • Add GitHub Actions workflows for Super-Linter and automated releases.
  • Add Hadolint analyzer to lint Dockerfiles and display results.
  • Add initial HTML report for image health scores generated by regis.
  • Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
  • Add support for multiple output formats and templated output paths for the run command.
  • Add support for passing metadata via CLI to reports and update report schema.
  • Add support for templated links in scorecards and reports
  • Add time formatting and recursive metadata rendering to improve report request details display.
  • Add user and digest extraction and display to Skopeo image analysis.
  • Add variant detection and reporting to the versioning analyzer
  • analyzers: Enable private registry authentication for Trivy-based analyzers and update documentation.
  • ci: introduce GitLab CI workflow for image analysis with MR-driven triggers and review app deployments.
  • cli: Implement generate command with cookiecutter for project scaffolding and update project templates.
  • cli: Implement a CLI version command, refactor importlib.metadata imports, and update tests and GitLab CI artifact handling.
  • Configure Antora Mermaid extension with a specific library URL and script stem.
  • cookiecutter: integrate GitHub Actions metadata into analysis reports for improved traceability and remove unused scorecard levels.
  • cookiecutter: introduce Cookiecutter template for bootstrapping new image analysis projects with documentation, workflows, and default scorecards.
  • cookiecutter: Introduce Cookiecutter template for project bootstrapping and add its comprehensive usage guide, refining the template's analysis workflow input.
  • Display structured analyzer errors in the UI and store them in reports.
  • doc: Add 'Get Started' and 'Understand Playbooks' documentation pages and update navigation.
  • docs: initialize Antora documentation
  • Dynamically set cookiecutter image URL and simplify release-please extra-files configuration.
  • Embed regis version in analysis reports and update cookiecutter image URLs.
  • Enhance default playbook overview with new recommendation and compliance widgets and update widget styling.
  • Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
  • Enhance report output with per-scorecard HTML files, slug support, and improved file writing logic.
  • Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
  • Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
  • Implement conditional widget rendering, add new widget styling options including alignment and subvalues, and introduce new CSS for recommendations and header elements.
  • Implement flexible registry credential resolution via new --auth CLI option and dedicated module
  • Implement registry authentication using environment variables and add new tests.
  • Initialize regis project with image analysis, scorecard engine, schema validation, and comprehensive project setup.
  • Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
  • Introduce new HTML report structure and styling with updated templates and CSS.
  • Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
  • Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
  • Introduce scorecard pages to group sections and add new size and versioning analyzers.
  • Introduce section-based scorecards with a new schema and remove the dependency analyzer.
  • playbooks: Add support for loading playbooks from remote URLs and update cookiecutters to utilize this feature.
  • Refactor cookiecutter templates to support both GitHub and GitLab platforms with dedicated CI configurations and documentation.
  • Refine scorecard reporting by updating schemas, engine logic, templates, and removing old report files.
  • Render error cards for all unhandled analyzer errors in the report
  • Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
  • report: Embed regis version into analysis reports and schema
  • reports: Implement automatic versioning of analysis reports in GitLab CI and document its configuration.
  • review: enhance GitLab CI report delivery by committing to reports/, posting direct links to MR comments, and updating documentation.
  • review: enhance GitLab CI/CD to specify output filename, run site generation on the default branch, and dynamically configure Pages deployments for review apps and main branch, while updating the project backlog.
  • review: Expose analysis reports as Merge Request artifacts instead of deploying to Review Apps and update documentation accordingly.
  • review: Implement and document a self-service analysis workflow in GitLab CI, including optional report commits to the branch and dynamic Review App links.
  • review: Introduce automated GitLab MR labeling and conditional playbook links based on analysis outcomes.
  • review: use GitLab API for merge request creation to enable setting reviewers and assignees, and add curl dependency.
  • Set default output directory template to include the tag.
  • Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
  • ui: Implement a new report rendering engine with a sidebar layout and dedicated pages for various analysis results.
  • ui: Introduce new analyzer display templates and enhance the playbook engine to support section widgets.

🐛 Bug Fixes

  • analyzers: Expose analyzer results at the root of the scorecard evaluation context and update default Trivy rules.
  • analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.
  • build: install git in Dockerfile
  • ci: add workflow_dispatch trigger and refine tag matching for Docker publish workflow.
  • ci: configure releaser-pleaser action with release token
  • docker: address permission denied errors in Docker by setting user UID/GID, ensuring directory writability, and adding a report output fallback.
  • docker: Resolve Docker container permission issues by creating a home directory for the regis user and setting report directory permissions, and update the analysis workflow.
  • Prevent AttributeError in scorecard link processing by adding type checks and update regis workflow flags to long form.

📚 Documentation

  • Add a comprehensive architectural overview, update documentation structure, and refine the GitLab CI template.
  • Add documentation for the default playbook, detailing its rules and report organization, and link it in the navigation.
  • Add new example report assets and update documentation pages.
  • commitmessages: add Google Blockly commit style guide link
  • Enhance GitHub Actions and GitLab CI integration guides with comprehensive examples, CI metadata, and deployment to respective pages services.
  • Enhance Python, CI/CD, commit message, and documentation rules with new tools, scope definitions, and process clarifications.
  • gitlab-workflow: add section on GitLab Review Apps for Premium/Ultimate tiers with CI/CD configuration example
  • rules: add commit message guidelines and refine CI/CD semantic versioning and conventional commit references.
  • ui: enable mermaid diagram rendering
  • ui: use correct mermaid extension package
  • ui: use correct mermaid extension package in playbook
  • Update TIP block formatting in playbooks and add documentation versioning and CLI control to notes.

v0.6.0 — February 21, 2026

✨ Features

  • docs: initialize Antora documentation
  • Add Dockerfile and GitHub Actions workflow for building and publishing regis Docker images.
  • Add GitHub Actions workflows for Super-Linter and automated releases.
  • Add --cache option to the analyze command to load and use an existing report.json, skipping re-analysis.
  • Add user and digest extraction and display to Skopeo image analysis.
  • Add Skopeo analyzer and refactor versioning analyzer to use Skopeo for tag listing.
  • Add Hadolint analyzer to lint Dockerfiles and display results.
  • Introduce scorecard pages to group sections and add new size and versioning analyzers.
  • Enhance Trivy report display for multiple targets and refine report layout with dedicated sections for links and scorecards.
  • Add support for templated links in scorecards and reports
  • Introduce SBOM analysis using Trivy and CycloneDX, replacing the license analyzer.
  • Introduce section-based scorecards with a new schema and remove the dependency analyzer.
  • Introduce OpenSSF Scorecard, Freshness, and Popularity analyzer reports with supporting configuration and robustness improvements.
  • Render error cards for all unhandled analyzer errors in the report
  • Add --theme option for HTML report generation and ignore the /reports directory
  • Set default output directory template to include the tag.
  • Replace single achieved level with a detailed summary by level in scorecard results, CLI output, and HTML report.
  • Display structured analyzer errors in the UI and store them in reports.
  • Track and display involved data analyzers for scorecard rule evaluations in the schema, engine, and HTML report.
  • Add support for multiple output formats and templated output paths for the run command.
  • Introduce new HTML report structure and styling with updated templates and CSS.
  • Integrate scorecard evaluation directly into the analyze command, supporting multiple custom scorecards, and remove the dedicated score command.
  • Enhance scorecard rule evaluation to track missing data, provide detailed condition stringification, and include rule tags in results and UI.
  • Enhance registry credential resolution by normalizing Docker Hub aliases and remove the score.html report file.
  • Implement flexible registry credential resolution via new --auth CLI option and dedicated module
  • Add support for passing metadata via CLI to reports and update report schema.
  • Add initial HTML report for image health scores generated by regis.
  • Add variant detection and reporting to the versioning analyzer
  • Add domain-trusted scorecard
  • Implement registry authentication using environment variables and add new tests.
  • Initialize regis project with image analysis, scorecard engine, schema validation, and comprehensive project setup.

🐛 Bug Fixes

  • analyzers: prevent Skopeo analyzer from failing on index image inspection and formalize commit message guidelines.

📚 Documentation

  • Add a comprehensive architectural overview, update documentation structure, and refine the GitLab CI template.
  • Add documentation for the default playbook, detailing its rules and report organization, and link it in the navigation.
  • Add new example report assets and update documentation pages.
  • commitmessages: add Google Blockly commit style guide link
  • Enhance GitHub Actions and GitLab CI integration guides with comprehensive examples, CI metadata, and deployment to respective pages services.
  • Enhance Python, CI/CD, commit message, and documentation rules with new tools, scope definitions, and process clarifications.
  • gitlab-workflow: add section on GitLab Review Apps for Premium/Ultimate tiers with CI/CD configuration example
  • rules: add commit message guidelines and refine CI/CD semantic versioning and conventional commit references.
  • ui: enable mermaid diagram rendering
  • ui: use correct mermaid extension package
  • ui: use correct mermaid extension package in playbook
  • Update TIP block formatting in playbooks and add documentation versioning and CLI control to notes.