Getting Started
regis is designed to be easy to set up and run, whether locally or in a CI/CD environment.
Installation
Docker (Recommended)
The easiest way to use regis without managing local dependencies is to use the official Docker image. It comes pre-packaged with regctl, grype, syft, trufflehog, Hadolint, and Dockle.
docker run --rm trivoallan/regis --help
Local Installation
Prerequisites
The Docker image bundles all of the tools below; for a local installation you need to install them yourself.
- Core Requirement:
  - regctl: Essential for multi-architecture registry inspection and metadata extraction.
- Optional Analyzers:
  - grype: Required for vulnerability (CVE) scanning.
  - syft: Required for SBOM generation.
  - trufflehog: Required for embedded secret detection.
  - Hadolint: Required for Dockerfile linting.
  - Dockle: Required for container image security linting.
Install the regis CLI itself with pip:
pip install regis
For developers wanting to contribute to the project, use Pipenv:
pipenv install --dev
GitHub Repository Configuration
If you plan to use automated documentation snapshots on a GitHub repository with protected branches, ensure that the "Allow auto-merge" option is enabled in your repository's general settings. This allows the automated workflows to synchronize documentation safely without manual intervention on every update. See the GitHub Actions integration guide for more details.
Your First Analysis
Run your first analysis against a public image to see regis in action:
regis analyze alpine:latest --evaluate --html
This command:
- Runs all built-in analyzers against the alpine:latest image
- Evaluates results against the default playbook
- Writes a self-contained report.html you can open in any browser
Open the generated report.html to see a compliance score, vulnerability findings, best practice checks, and image metadata. See Scoring to understand how scores are calculated.
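The following script is an added example and is not part of the regis project. It ties the Prerequisites list to the first analysis: for a local install it reports which analyzers from that list are missing from PATH before anything runs, and when regis itself is not installed it falls back to the official Docker image. It assumes each tool's binary is named like the project in lower case, and the /work mount point used for the Docker fallback is this example's own choice.

```shell
#!/bin/sh
# Added example, not part of the regis project: a preflight wrapper for the
# first analysis. It checks which analyzers from the Prerequisites list are on
# PATH for a local install, and falls back to the official Docker image when
# regis itself is not installed locally.

# Assumption: each tool's binary is named like the project, in lower case.
CORE_TOOLS="regctl"
OPTIONAL_TOOLS="grype syft trufflehog hadolint dockle"

# Print, one name per line, the tools from "$@" that are not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Summarize what is missing. Returns 1 if a core tool is absent, 0 otherwise.
preflight() {
    opt_missing=$(missing_tools $OPTIONAL_TOOLS)
    core_missing=$(missing_tools $CORE_TOOLS)
    if [ -n "$opt_missing" ]; then
        echo "Optional analyzers not found (the checks that need them cannot run):"
        printf '  - %s\n' $opt_missing
    fi
    if [ -n "$core_missing" ]; then
        echo "Core requirement missing: $core_missing" >&2
        return 1
    fi
    echo "All core tools present."
}

# Run regis locally when installed (after the preflight); otherwise use the
# Docker image, mounting the current directory so report.html ends up on the
# host. The /work mount point is this example's choice, not a regis convention.
run_regis() {
    if command -v regis >/dev/null 2>&1; then
        preflight || return 1
        regis "$@"
    else
        docker run --rm -v "$PWD":/work -w /work trivoallan/regis "$@"
    fi
}

# Usage: sh preflight.sh --run   (runs the first analysis from this page)
if [ "${1:-}" = "--run" ]; then
    run_regis analyze alpine:latest --evaluate --html
fi
```

Missing optional analyzers are only reported, because each one is required solely for its own check; a missing core tool aborts before the analysis starts, which is the failure you want in CI rather than a report that silently lacks registry metadata.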
Next steps:
- Define custom rules: Custom Playbooks
- Integrate into your workflow: CI/CD Integration
- Fine-tune behavior: Advanced Configuration