Analyzers Reference
RegiS CLI includes several built-in analyzers that extract specific data from container images. Each analyzer runs independently and contributes to the unified data model evaluated by your Playbooks.
| Analyzer | Description |
|---|---|
| cve | Vulnerability (CVE) scanning via grype |
| dockle | Container image linting and CIS benchmark checks |
| endoflife | OS and runtime end-of-life status |
| freshness | Image age and staleness score |
| hadolint | Dockerfile best practice linting |
| oci | Base metadata from registry (labels, architecture, layers) |
| popularity | Registry pull count and popularity metrics |
| provenance | Supply chain provenance and attestations |
| sbom | Software Bill of Materials (CycloneDX / SPDX) via syft |
| scorecarddev | OpenSSF Scorecard checks |
| secrets | Embedded secret detection via trufflehog |
| size | Image size and layer analysis |
| versioning | Image tag and versioning policy |