Source Controller

dhi.io/fluxcd-source-controller

fluxcd source controller 1.6.x (fips)

CIS
FIPS
STIG
linux/amd64
debian 13
Tags:

1.6-debian-fips, 1.6-debian13-fips, 1.6-fips, 1.6.2-debian-fips, 1.6.2-debian13-fips, 1.6.2-fips

Index digest:

sha256:c6eb3b431d00f7b1f7110d9154863171a6c065caf537874afdb2617b5ec18d40

Manifest digest:

sha256:215d1b63fc7b7a24b3f2b340dc94d2e9f8bef0517c59d0ede9746569316bb76b

Size

35.02 MB

Last pushed

2 days ago

Vulnerabilities

0
0
1
0
1

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-controller:1.6-debian-fips

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-controller:1.6-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-controller@sha256:28ff1f6037823a9ef7b02c7bf571d7f569f59f2588402d1b15af69dcdbc821ec
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-controller@sha256:9ed34088a9926007a0bdb4ca3c40a4b1dadd309502940a336f1d7b6720f87c5a
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/fluxcd-source-controller@sha256:7233593b37be4ea305a3b55e6ef48364b9e6503fbe3bc84efba38f359447a9b4
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-controller@sha256:f1604c349f7dab4c74e9222ab5864a1edcfad5a4c7be7cc54f31da29cc63674e
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/fluxcd-source-controller@sha256:a6ab70dfe314acef1baf641c497c22380792cdcd6db7d3f609ea93ab403692ac
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-controller@sha256:7b25f06d7106ff57430e2836d057b1b3a4cd0b6c6ff7a2e7b8c4f23ab9ba3493
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-controller@sha256:7f2163c1ec7e4460ad630c4020fb78433886001c708e961272b33dfbfc86c781
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-controller@sha256:c577d5c94ce61e93718aa4bdd5dc53cced3604cbf5700a89b50fdc7b04329345
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-controller@sha256:5ddf3d871054b929e1853455588fec454d278b00ca29bfcb9339f57b613b0629
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-controller@sha256:12148ad9e0ce80ae673b72874531123d6f1e38ad8068466cdec234b5a4fd68a7
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-controller@sha256:6bbd6d3995bae1625bdcc69c6023f03a3568c12e961bbd36dfe8abfdf3ebd3d0
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-controller@sha256:a8ed7f43ff02cb169125444d10cee314013b54b4a2c3005d7f029d97c61bce01
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-controller@sha256:e5a042535cb38d6eedf1f0f8d4e099ef19636fda2d16a6976aaca5a4a7edc1c2
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-controller@sha256:e3861a6d01a9ca6694952a565af5f02c440c0ffd7879337e4653be90d1f3af5b
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-controller@sha256:f86e89e668879bc63ef94b41d2b38aed7893c6a92c8f5996c48fcb91f16f1066
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-controller@sha256:a72e60eb030e8c7c8f4a5d4deca0dd3098c9630e79027b3cfccdb42c9c17b934
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-controller@sha256:0fc78df1ee63831f160ab8bcac11087558bc642bbcf2fb8232404d4c41879d1a