Add support for matching the lack of a pattern

[nholuongut]

Hi, I'm not sure if this is currently possible, but it would be useful to check for patterns that should exist, in addition to detecting patterns that should not exist. This could maybe be implemented as a configuration option in the YAML file?

Certain security best practices recommend the presence of specific statements. For example, The OWASP Cheat Sheet suggests using a USER directive in Dockerfiles to prevent privilege escalation attacks. However, I don’t see a way to enforce this check using the current format.