dhi.io/fluxcd-source-controller
1.6, 1.6-debian, 1.6-debian13, 1.6.2, 1.6.2-debian, 1.6.2-debian13
sha256:3bca84336ed5a79061ddc3ca988735184d709c7e810993cc083cdba6968e3fe0
Manifest digest:sha256:618cc131f2eb58a404eee4bf34b73eeaa5dac2e7a6a4048d80f43b82adafef43
Size
26.84 MB
Last pushed
3 days ago
Vulnerabilities
Support
Active
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/fluxcd-source-controller:1.62. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/fluxcd-source-controller:1.6 --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/fluxcd-source-controller@sha256:22042505449901e5271f3dcec484e1b252f288665aec11cd67348baf1f3eccf8 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/fluxcd-source-controller@sha256:c3d0802df67dda1702474b53eb6b91ee1e7d2dc8379c0aa17efc01586b589378 |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/fluxcd-source-controller@sha256:6653d4a21d9b9c866ac074ab966e355e670b97547becb07e968da9be168f97ff |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/fluxcd-source-controller@sha256:9cac4518fdc13f9adbebd3388f93d1642eb8dbb24c5e59703584aa2bd478af16 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/fluxcd-source-controller@sha256:d3cb47d568830e98cc1719311d2989c763f17167633740d9f2b214d9f0f4193c |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/fluxcd-source-controller@sha256:10a6c8e3d90c89e605e5ffbf1076d671e1f3724855110971e4f974e4a392c611 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/fluxcd-source-controller@sha256:bfa54aa026e0232572d00176e2909cc27c5d7e7d6d6bc26558fcf1e144da5939 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/fluxcd-source-controller@sha256:ef905e9728270d8a4ad8e3ecf07274e017fced98a2f4cca8432cef14f81daf72 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/fluxcd-source-controller@sha256:4df4c738576c47b9d2d9ee1dc3f0d94e2ddf8ac54d3819b41d2b6873d1be5646 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/fluxcd-source-controller@sha256:f73b75ba3dcd57c02e885c0aa94957a8647d2be1dfbae1d168f20811aa14b75f |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/fluxcd-source-controller@sha256:56bb03c670ef19fb98c15e4d5d771779b6424cb133e02594e8b1beee95a94ffb |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/fluxcd-source-controller@sha256:2f4f5abea15c6e79665b5739f9975b6d82b8bcf2d7e84a1d08b2dbfbe71f423c |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/fluxcd-source-controller@sha256:e0376d1b910d8c2d40e1762daeefcd727eaea61dcfae6a3831edb41aeb238401 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/fluxcd-source-controller@sha256:0e71e3f1242f2c7082f24636367be19a42bcf09b7e973550b11e27f94e1bd4d2 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/fluxcd-source-controller@sha256:0f2cf1d9c313fe8e076fd500b20da5ca2c050f170223928a3e7712e064ee3f07 |