Introduction
regis is a command-line tool designed to analyze container image registries, evaluate security playbooks, and generate comprehensive reports. It provides deep visibility into container image metadata and security posture, enabling automated policy enforcement in CI/CD environments.
Analyzers
regis uses a pluggable architecture where separate Analyzers are responsible for extracting specific types of data from container images or their build artifacts.
Playbooks
Playbooks are the core of the regis evaluation engine. They define the security and compliance rules that the tool evaluates against container image metadata.
Rules
Rules are the evaluation heart of RegiS. Each rule defines a specific condition that the analysis results must satisfy, together with a severity level, interpolated messages, and optional parameters. Rules are grouped and evaluated by playbooks, and their results feed into the overall score.
Scoring & Metrics
regis doesn't just provide raw data; it translates analysis results into actionable Scores and Metrics based on your security and operational policies. Scores are derived from rules and displayed in reports.
Reports
One of the core missions of regis is to bridge the gap between automated tools and human review through Visual Excellence. Reports display the results of rule evaluation and the overall score, and can be collected over time into archives for historical tracking.
Archives
An archive is a versioned collection of container image analysis reports. It enables you to track security metrics over time, monitor compliance drift, detect regressions, and maintain audit trails for regulatory requirements.