16 docs tagged with "analyzers"

Core concept of extracting data using pluggable analyzers.

Advanced Configuration

For more complex projects, regis can be configured using a dedicated YAML file or environment variables. Configuration lets you customize which analyzers to run and which playbook to evaluate.

Analyzers

regis uses a pluggable architecture where separate Analyzers are responsible for extracting specific types of data from container images or their build artifacts.

cve

The cve analyzer scans container images for vulnerabilities (CVEs) using the grype CLI.

dockle

The dockle analyzer is a container image linter that checks for security issues and best practices using Dockle.

endoflife

The endoflife analyzer checks the support status of the software in the image using the endoflife.date API.

freshness

The freshness analyzer tracks the age of a container image and compares it to the latest version.

hadolint

The hadolint analyzer lints a "pseudo-Dockerfile" reverse-engineered from the image history using Hadolint.

Image Analysis

You can analyze any public container image using the built-in analyzers. By default, regis produces a JSON report on stdout.

oci

The oci analyzer fetches image metadata and platform details using the regctl CLI.

popularity

The popularity analyzer provides community adoption metrics from public registries.

provenance

The provenance analyzer checks for SLSA (Supply-chain Levels for Software Artifacts) provenance and build attestations.

sbom

The sbom analyzer generates a Software Bill of Materials (SBOM) for container images using syft.

scorecarddev

The scorecarddev analyzer fetches OpenSSF Scorecard security assessments for the image source repository.

secrets

The secrets analyzer scans container images for embedded secrets and credentials using the TruffleHog CLI.

size

The size analyzer provides a detailed breakdown of an image's compressed size.

versioning

The versioning analyzer detects and classifies the tag naming patterns used by a repository.