> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zenable.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Goss

> Server and container validation tests

## Overview

Goss validates server and container state by testing system properties like installed packages, running processes, open ports, and file contents. Tests run against built artifacts or live systems.

## Capabilities

* Test packages, files, ports, processes, services, users, groups, commands
* Fast execution (written in Go)
* YAML-based test definitions
* Container image testing via `dgoss`

## Limitations

* Requires a built container image or running server
* Not applicable to source code analysis -- check out [Semgrep](/integrations/guardrails/semgrep) or [CodeQL](/integrations/guardrails/codeql) for source code checks
* Tests runtime state, not code patterns

## Generated Format

* **Language:** YAML
* **Structure:** Goss test files with resource type sections (`package`, `file`, `port`, etc.)
* **Execution:** `goss validate` or `dgoss run <image>`

## Example Guardrail

```yaml theme={null}
package:
  openssl:
    installed: true
    versions:
      semver-constraint: ">=3.0.0"

port:
  tcp:443:
    listening: true

file:
  /etc/ssl/certs:
    exists: true
    filetype: directory

process:
  nginx:
    running: true
```

Learn more at [Goss documentation](https://goss.readthedocs.io/) and [gossfile reference](https://goss.readthedocs.io/en/stable/gossfile/).