Goss

Overview
Capabilities
Limitations
Generated Format
Example Guardrail

Overview

Goss validates server and container state by testing system properties like installed packages, running processes, open ports, and file contents. Tests run against built artifacts or live systems.

Capabilities

Test packages, files, ports, processes, services, users, groups, commands
Fast execution (written in Go)
YAML-based test definitions
Container image testing via dgoss

Limitations

Requires a built container image or running server
Not applicable to source code analysis — check out Semgrep or CodeQL for source code checks
Tests runtime state, not code patterns

Generated Format

Language: YAML
Structure: Goss test files with resource type sections (package, file, port, etc.)
Execution: goss validate or dgoss run <image>

Example Guardrail

package:
  openssl:
    installed: true
    versions:
      semver-constraint: ">=3.0.0"

port:
  tcp:443:
    listening: true

file:
  /etc/ssl/certs:
    exists: true
    filetype: directory

process:
  nginx:
    running: true

Learn more at Goss documentation and gossfile reference.

OPA Gatekeeper AWS SCP

Overview

Integrations

Guardrails Engines

IDE Installation Guides

Deprecated IDEs

Tools & Reference

Use Cases

Overview

Capabilities

Limitations

Generated Format

Example Guardrail

Overview

Integrations

Guardrails Engines

IDE Installation Guides

Deprecated IDEs

Tools & Reference

Use Cases

​Overview

​Capabilities

​Limitations

​Generated Format

​Example Guardrail

Overview

Capabilities

Limitations

Generated Format

Example Guardrail