Overview

Goss validates server and container state by testing system properties like installed packages, running processes, open ports, and file contents. Tests run against built artifacts or live systems.

Capabilities

  • Test packages, files, ports, processes, services, users, groups, commands
  • Fast execution (written in Go)
  • YAML-based test definitions
  • Container image testing via dgoss

Limitations

  • Requires a built container image or running server
  • Not applicable to source code analysis — check out Semgrep or CodeQL for source code checks
  • Tests runtime state, not code patterns

Generated Format

  • Language: YAML
  • Structure: Goss test files with resource type sections (package, file, port, etc.)
  • Execution: goss validate or dgoss run <image>

Example Guardrail

package:
  openssl:
    installed: true
    versions:
      semver-constraint: ">=3.0.0"

port:
  tcp:443:
    listening: true

file:
  /etc/ssl/certs:
    exists: true
    filetype: directory

process:
  nginx:
    running: true
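
A gossfile can also assert that something is absent or locked down, using resource types from the capabilities list that the guardrail above does not exercise. This is an added example, not taken from the Zenable or Goss documentation; the package, service, user, file modes and paths are assumptions for a hypothetical Linux server.

```yaml
# Constructed hardening guardrail; every name and value here is an assumption.
package:
  telnet:
    installed: false          # cleartext remote-login client must be absent

port:
  tcp:23:
    listening: false          # nothing may accept telnet connections
  tcp:22:
    listening: true

service:
  sshd:
    enabled: true
    running: true

file:
  /etc/shadow:
    exists: true
    filetype: file
    owner: root
    mode: "0640"              # assumed policy; default modes differ by distribution
  /etc/ssh/sshd_config:
    exists: true
    owner: root
    mode: "0600"              # assumed policy

user:
  appuser:                    # hypothetical service account
    exists: true
    shell: /usr/sbin/nologin  # no interactive login for the service account

group:
  appuser:
    exists: true

command:
  sshd -t:                    # sshd's own configuration self-test
    exit-status: 0
```

Run it on the host with goss validate; a false expectation fails when the resource is present, so a reintroduced package or listener breaks the check.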

Learn more in the Goss documentation and the gossfile reference.