Source Controller

dhi.io/fluxcd-source-controller

fluxcd source controller 1.9.x (dev)

CIS
linux/amd64
debian 13
Tags:

1-debian-dev, 1-debian13-dev, 1-dev, 1.9-debian-dev, 1.9-debian13-dev, 1.9-dev, 1.9.3-debian-dev, 1.9.3-debian13-dev, 1.9.3-dev

Index digest:

sha256:a172a996e2b66c9bbc5961414b9507780427455c41c401164020cbe80627e172

Manifest digest:

sha256:7d84c3afaa47980fd02056a333266b1855d9e78e140fd33d8ac58386987fa7d8

Size

76.00 MB

Last pushed

1 hour ago

Vulnerabilities

0
0
1
1
1

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-controller:1-debian-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-controller:1-debian-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-controller@sha256:93b31b1cc9cc93785f9d150eca0d8069e9b9b749423c94b40b8a70d547b93ada
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-controller@sha256:b2d276d5878d7e992d74c440243d54c5bb21b3aefab5c5af8abe2e624c167d82
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-controller@sha256:978999a654af54302227f791c82a97e4f0af2e08a8ee08fdaeb71e32b95c5856
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-controller@sha256:43945edbdab59c3e9e7bfe256bbbd548f903480c978434b117708f17e680836a
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-controller@sha256:0d32723ee145f62dd61fe68c3ac154266e7ac15ea835c384c895ac35daee89cf
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-controller@sha256:eb1a4ccff7f7d7e273bff3f78b79e7ef08fb7e34d4fb19763375750c6afc399b
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-controller@sha256:35954b325c53daa6ffdd2a35e73a56a49987d9d7d1b3df750ad26017eab157ba
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-controller@sha256:0583dc45b14a98b92c22030b857bfd161a218c2224fa649424ebf96f4052c80d
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-controller@sha256:607e5e8599cbb9992c6a208bb469d5435e752ab41af4c26ab56751ec2fb109b9
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-controller@sha256:60a0eec7ba7c3f4c5ddde7a6b999c4ded4adbea596d38a9b298f912413049df0
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-controller@sha256:8f8d3fd3d0366bf13603e0f4fcca5cdc1479757b97636bea876165aa7556985f
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-controller@sha256:0d0cc4e13fb78fa772383db15ffdb74f38d30730ba2456491230fb72069b8b3c
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-controller@sha256:998b03772504893a9747d6607d7915ab1810f719fbdd7e15ea73b772266e8adc
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-controller@sha256:2565e797a3c0a1a08df5522475effb0be59f9cab1ea4f1a1a1a9a4bf7f9ae207
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-controller@sha256:334b7076e33f027a80c65e7671fe3b304b941bfe03d41b8ee741c47a2135624d