docs(image): add Image provider CLI documentation (#9986)

docs/docs.json

@@ -255,6 +255,12 @@
                   "user-guide/providers/cloudflare/authentication"
                 ]
               },
+              {
+                "group": "Image",
+                "pages": [
+                  "user-guide/providers/image/getting-started-image"
+                ]
+              },
               {
                 "group": "LLM",
                 "pages": [

docs/introduction.mdx

@@ -38,6 +38,7 @@ The supported providers right now are:
 | [MongoDB Atlas](/user-guide/providers/mongodbatlas/getting-started-mongodbatlas)           | Official   | Organizations                | UI, API, CLI |
 | [OpenStack](/user-guide/providers/openstack/getting-started-openstack)                     | Official   | Projects                     | CLI          |
 | [LLM](/user-guide/providers/llm/getting-started-llm)                                     | Official   | Models                       | CLI          |
+| [Image](/user-guide/providers/image/getting-started-image)                                | Official   | Container Images             | CLI          |
 | **NHN**                                                                                   | Unofficial | Tenants                      | CLI          |
 
 For more information about the checks and compliance of each provider visit [Prowler Hub](https://hub.prowler.com).

docs/user-guide/providers/github/getting-started-github.mdx

@@ -94,7 +94,7 @@ prowler github --github-app-id app_id --github-app-key-path app_key_path
 
 ### Scan Scoping
 
-By default, Prowler scans all repositories accessible to the authenticated user or organization. To limit the scan to specific repositories or organizations, use the following flags.
+Scan scoping controls which repositories and organizations Prowler includes in a security assessment. By default, Prowler scans all repositories accessible to the authenticated user or organization. To limit the scan to specific repositories or organizations, use the following flags.
 
 #### Scanning Specific Repositories
 

docs/user-guide/providers/image/getting-started-image.mdx

@@ -0,0 +1,197 @@
+---
+title: "Getting Started with the Image Provider"
+---
+
+import { VersionBadge } from "/snippets/version-badge.mdx"
+
+Prowler's Image provider enables comprehensive container image security scanning by integrating with [Trivy](https://trivy.dev/). This provider detects vulnerabilities, exposed secrets, and misconfigurations in container images, converting Trivy findings into Prowler's standard reporting format for unified security assessment.
+
+## How It Works
+
+* **Trivy integration:** Prowler leverages [Trivy](https://trivy.dev/) to scan container images for vulnerabilities, secrets, misconfigurations, and license issues.
+* **Trivy required:** Trivy must be installed and available in the system PATH before running any scan.
+* **Authentication:** No registry authentication is required for public images. For private registries, configure Docker credentials via `docker login` before scanning.
+* **Output formats:** Results are output in the same formats as other Prowler providers (CSV, JSON, HTML, etc.).
+
+## Prowler CLI
+
+<VersionBadge version="5.19.0" />
+
+<Note>
+The Image provider is currently available in Prowler CLI only.
+</Note>
+
+### Install Trivy
+
+Install Trivy using one of the following methods:
+
+<Tabs>
+  <Tab title="Homebrew">
+    ```bash
+    brew install trivy
+    ```
+  </Tab>
+  <Tab title="apt (Debian/Ubuntu)">
+    ```bash
+    sudo apt-get install trivy
+    ```
+  </Tab>
+  <Tab title="Install Script">
+    ```bash
+    curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+    ```
+  </Tab>
+</Tabs>
+
+For additional installation methods, see the [Trivy installation guide](https://trivy.dev/latest/getting-started/installation/).
+
+
+### Supported Scanners
+
+Prowler CLI supports the following scanners:
+
+* [Vulnerability](https://trivy.dev/docs/latest/guide/scanner/vulnerability/)
+* [Secret](https://trivy.dev/docs/latest/guide/scanner/secret/)
+* [Misconfiguration](https://trivy.dev/docs/latest/guide/scanner/misconfiguration/)
+* [License](https://trivy.dev/docs/latest/guide/scanner/license/)
+
+By default, only vulnerability and secret scanners run during a scan. To specify which scanners to use, refer to the [Specify Scanners](#specify-scanners) section below.
+
+### Scan Container Images
+
+Use the `image` argument to run Prowler with the Image provider. Specify the images to scan using the `-I` flag or an image list file.
+
+#### Scan a Single Image
+
+To scan a single container image:
+
+```bash
+prowler image -I alpine:3.18
+```
+
+#### Scan Multiple Images
+
+To scan multiple images, repeat the `-I` flag:
+
+```bash
+prowler image -I nginx:latest -I redis:7 -I python:3.12-slim
+```
+
+#### Scan From an Image List File
+
+For large-scale scanning, provide a file containing one image per line:
+
+```bash
+prowler image --image-list images.txt
+```
+
+The file supports comments (lines starting with `#`) and blank lines:
+
+```text
+# Production images
+nginx:1.25
+redis:7-alpine
+
+# Development images
+python:3.12-slim
+node:20-bookworm
+```
+
+<Note>
+Image list files are limited to a maximum of 10,000 lines. Individual image names exceeding 500 characters are automatically skipped with a warning.
+</Note>
+
+<Warning>
+Image names must follow the Open Container Initiative (OCI) reference format. Valid names start with an alphanumeric character and contain only letters, digits, periods, hyphens, underscores, slashes, colons, and `@` symbols. Names containing shell metacharacters (`;`, `|`, `&`, `$`, `` ` ``) are rejected to prevent command injection.
+</Warning>
+
+Valid examples:
+* **Standard tag:** `alpine:3.18`
+* **Custom registry:** `myregistry.io/myapp:v1.0`
+* **SHA digest:** `ghcr.io/org/image@sha256:abc123...`
+
+#### Specify Scanners
+
+To select which scanners Trivy runs, use the `--scanners` option. By default, Prowler enables `vuln` and `secret` scanners:
+
+```bash
+# Vulnerability scanning only
+prowler image -I alpine:3.18 --scanners vuln
+
+# All available scanners
+prowler image -I alpine:3.18 --scanners vuln secret misconfig license
+```
+
+
+#### Image Config Scanners
+
+To scan Dockerfile-level metadata for misconfigurations or embedded secrets, use the `--image-config-scanners` option:
+
+```bash
+# Scan Dockerfile for misconfigurations
+prowler image -I alpine:3.18 --image-config-scanners misconfig
+
+# Scan Dockerfile for both misconfigurations and secrets
+prowler image -I alpine:3.18 --image-config-scanners misconfig secret
+```
+
+Available image config scanners:
+
+* **misconfig**: Detects Dockerfile misconfigurations (e.g., running as root, missing health checks)
+* **secret**: Identifies secrets embedded in Dockerfile instructions
+
+<Note>
+Image config scanners are disabled by default. This option is independent from `--scanners` and specifically targets the image configuration (Dockerfile) rather than the image filesystem.
+</Note>
+
+#### Filter by Severity
+
+To filter findings by severity level, use the `--trivy-severity` option:
+
+```bash
+# Only critical and high severity findings
+prowler image -I alpine:3.18 --trivy-severity CRITICAL HIGH
+```
+
+Available severity levels: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `UNKNOWN`.
+
+#### Ignore Unfixed Vulnerabilities
+
+To exclude vulnerabilities without available fixes:
+
+```bash
+prowler image -I alpine:3.18 --ignore-unfixed
+```
+
+#### Configure Scan Timeout
+
+To adjust the scan timeout for large images or slow network conditions, use the `--timeout` option:
+
+```bash
+prowler image -I large-image:latest --timeout 10m
+```
+
+The timeout accepts values in seconds (`s`), minutes (`m`), or hours (`h`). Default: `5m`.
+
+### Authentication for Private Registries
+
+The Image provider relies on Trivy for registry authentication. To scan images from private registries, configure Docker credentials before running the scan:
+
+```bash
+# Log in to a private registry
+docker login myregistry.io
+
+# Then scan the image
+prowler image -I myregistry.io/myapp:v1.0
+```
+
+Trivy automatically uses credentials from Docker's credential store (`~/.docker/config.json`).
+
+### Troubleshooting Common Scan Errors
+
+The Image provider categorizes common Trivy errors with actionable guidance:
+
+* **Authentication failure (401/403):** Registry credentials are missing or invalid. Run `docker login` for the target registry and retry the scan.
+* **Image not found (404):** The specified image name, tag, or registry is incorrect. Verify the image reference exists and is accessible.
+* **Rate limited (429):** The container registry is throttling requests. Wait before retrying, or authenticate to increase rate limits.
+* **Network issue:** Trivy cannot reach the registry due to connectivity problems. Check network access, DNS resolution, and firewall rules.

docs/user-guide/tutorials/prowler-app-sso.mdx

@@ -53,7 +53,7 @@ On the profile page, find the "SAML SSO Integration" card and click "Enable" to
 
 ![Enable SAML Integration](/images/prowler-app/saml/saml-step-2.png)
 
-Next section will explain how to fill the IdP configuration based on your Identity Provider.
+The next section explains how to configure the IdP settings based on the selected Identity Provider.
 
 #### Step 3: Configure the Identity Provider (IdP)
 Choose a Method:
@@ -87,7 +87,7 @@ Choose a Method:
         |----------------|---------------------------------------------------------------------------------------------------------|----------|
         | `firstName`    | The user's first name.                                                                                  | Yes      |
         | `lastName`     | The user's last name.                                                                                   | Yes      |
-        | `userType`     | The Prowler role to be assigned to the user (e.g., `admin`, `auditor`). If a role with that name already exists, it will be used; if it does not exist, a new role with that name will be created without permissions. If `userType` is not defined, the user is assigned the `no_permissions` role. Role permissions can be edited in the [RBAC Management tab](/user-guide/tutorials/prowler-app-rbac). | No       |
+        | `userType`     | Determines which Prowler role the user receives (e.g., `admin`, `auditor`). If a role with that name already exists, the user receives it automatically; if it does not exist, Prowler App creates a new role with that name without permissions. If `userType` is not defined, the user is assigned the `no_permissions` role. Role permissions can be edited in the [RBAC Management tab](/user-guide/tutorials/prowler-app-rbac). | No       |
         | `companyName`  | The user's company name. This is automatically populated if the IdP sends an `organization` attribute. | No       |
 
         <Info>