Source Controller

dhi.io/fluxcd-source-controller

fluxcd source controller 1.9.x (fips, dev)

CIS
FIPS
STIG
linux/arm64
debian 13
Tags:

1-debian-fips-dev, 1-debian13-fips-dev, 1-fips-dev, 1.9-debian-fips-dev, 1.9-debian13-fips-dev, 1.9-fips-dev, 1.9.3-debian-fips-dev, 1.9.3-debian13-fips-dev, 1.9.3-fips-dev

Index digest:

sha256:c37e6d1f0eee62a69259ead6d3839d6b13c9a87ea08197708c2d8577639cda73

Manifest digest:

sha256:724284cbd03aa554496a2778fdd3fc5e078bb0bf9418c4d33f662154f7bd16e3

Size

71.73 MB

Last pushed

1 hour ago

Vulnerabilities

0
0
1
1
1

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-controller:1-debian-fips-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-controller:1-debian-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-controller@sha256:0bf406145fdf87755b6b818dbbaf08f3531cbe79c08659e546bf16225f6b36c3
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-controller@sha256:5caa5275c9c7d903462fbbb0b321f744e6d06f0efd9b5e3bb3f109cf142724c4
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/fluxcd-source-controller@sha256:6fe14b155fc04dbc699d49e0466e55cce7730485f057647fdf32041157854c41
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-controller@sha256:1458ba5b9e45329cbc52c785c082f6fd42682a0ddeb63feef697d71b3a75175f
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/fluxcd-source-controller@sha256:01e9fe9056a22abd23751f7e88e69dfff67636675e6cb05b7f0cc1131145cfe6
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-controller@sha256:058a451480712c0ebc36791224a762b3ac77847bf630291d8d3776d850b494b1
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-controller@sha256:529088e899c140f9c9a5d542a962573f412f99ba13a09c7b9f3f6256bb854b76
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-controller@sha256:e375da1cd45dff8b81dacdab2eb2333b144f4babb77a700cd6378b1d68f46b0a
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-controller@sha256:13ce3a8d885890bd5c53437ce01552dca506586357f2966182c57f9e9ab05ec6
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-controller@sha256:c89cc0e29721ae386c786a33b0b8dd1a4a95f7a098fb83212dc81f6ae4b518c3
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-controller@sha256:33dd49ba19bb05234334da785c953b1e0d69963f6e8c75ab5bc0996453eb8a4f
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-controller@sha256:e94f9435b77fccdfe588217a87f83c189af3eaf17f196c60663da18fa4919071
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-controller@sha256:85b1f2477e8043117ce927a38e9a159106cf6c977fde1338ef5456269784eba2
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-controller@sha256:5fed9b225732d4fc1d259aab4fbeda2b932392f36d618eeca1fc5447a8cb757f
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-controller@sha256:9613b1482d49f1eaa48abe77c958c12db28d7527d2d72c547029a5392cce019e
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-controller@sha256:3295736ad3f34a23b29b5818dbd6e67418da56ef07cd20bfdce0b6620728c2cd
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-controller@sha256:383d1bb586abe69a34644b35806ce03680355f4b901d6d57e9a320894dfddbb8