Elasticsearch

dhi.io/elasticsearch

Elasticsearch 9.4.x (fips)

CIS
FIPS
STIG
linux/amd64
debian 13
Tags:

9-debian-fips, 9-debian13-fips, 9-fips, 9.4-debian-fips, 9.4-debian13-fips, 9.4-fips, 9.4.3-debian-fips, 9.4.3-debian13-fips, 9.4.3-fips

Index digest:

sha256:4ec9abad7ac23d41f6f893234d096afb13feaeeb41978f12a5d92acd3aa33e6d

Manifest digest:

sha256:29ee23ee3601cfe46a565361ae2a5e73e4176caef679762c011b067ca9e3570d

Size

698.63 MB

Last pushed

2 days ago

Vulnerabilities

0
2
7
1
0

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/elasticsearch:9-debian-fips

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/elasticsearch:9-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/elasticsearch@sha256:957f172d65d17b55ea32ef18a78a9e1caff0858760409f7263d42f5c08bb702f
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/elasticsearch@sha256:a981fe4e6caacb2bb3e3f16b3f619e59ee91dc8f9014e2fe16912da07eef8770
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/elasticsearch@sha256:47caf7a52184edbbea96b54364152c3096f5168402cac2fcc7e7e158a8f714e0
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/elasticsearch@sha256:c68d9c1c280c55bad4bba7e64933dbad9e8bc187e28d3e61939cb38118fc1871
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/elasticsearch@sha256:3dbf73c7ae88083631dcbb8009a4f6d40183abd9a5e21e081d68356474b98502
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/elasticsearch@sha256:d505e3ce9afe7b0ea7300445e2c5047b503daed409a0278f15a111a79b67cc7e
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/elasticsearch@sha256:c46c512f959ae417f9f6a31e5fa0484805a2350e481ab201b7d19166a8bb0a5a
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/elasticsearch@sha256:6101d9d852bdde52439816d773d17ca8fd43793d7a3c2b3fa88b661e06aaeacf
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/elasticsearch@sha256:612c2826dce1401dc4df735e0a4a8a6c40f76ededec4a26500fb175696852a1b
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/elasticsearch@sha256:46b011eafbe520c5dc7c46b59ac2ac7e83b1d02585ba69ab9ee50a027625485f
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/elasticsearch@sha256:59dab8f1ac57d68cc04b316ee8403b7a47e543b287e1edccd88e4e4692245989
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/elasticsearch@sha256:d16ebcafe2f0e2706d1634f0aeb24b339bc5df25ec9187a27d4ea154fb8d0e6a
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/elasticsearch@sha256:d6578417152d95ec0a9636aecfbfbf18f07261910684e7251ca82eb536126340
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/elasticsearch@sha256:e5bb4857f1381f958fc3a3eb4b20329dd7053ae9b6f72f32c1c745808130d963
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/elasticsearch@sha256:d710b6bef44f87722b1de9f9533b7535b28fb8aa277e02c7f53869d5fbc7444a
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/elasticsearch@sha256:5ec448b2d27fcade72b14221868ddea4ae3c6cdcb9e2cd6fcdcb7506d1841c69
SPDX SBOMhttps://spdx.dev/Documentdhi.io/elasticsearch@sha256:25bfae8252fcdc05a51ec2fd4d58948f5f0adeb7490fa5b7d42664fdb7f41363