Source Controller

dhi.io/fluxcd-source-controller

fluxcd source controller 1.6.x

CIS
linux/amd64
debian 13
Tags:

1.6, 1.6-debian, 1.6-debian13, 1.6.2, 1.6.2-debian, 1.6.2-debian13

Index digest:

sha256:3bca84336ed5a79061ddc3ca988735184d709c7e810993cc083cdba6968e3fe0

Manifest digest:

sha256:618cc131f2eb58a404eee4bf34b73eeaa5dac2e7a6a4048d80f43b82adafef43

Size

26.84 MB

Last pushed

3 days ago

Vulnerabilities

0
0
1
0
1

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-controller:1.6

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-controller:1.6 --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-controller@sha256:22042505449901e5271f3dcec484e1b252f288665aec11cd67348baf1f3eccf8
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-controller@sha256:c3d0802df67dda1702474b53eb6b91ee1e7d2dc8379c0aa17efc01586b589378
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-controller@sha256:6653d4a21d9b9c866ac074ab966e355e670b97547becb07e968da9be168f97ff
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-controller@sha256:9cac4518fdc13f9adbebd3388f93d1642eb8dbb24c5e59703584aa2bd478af16
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-controller@sha256:d3cb47d568830e98cc1719311d2989c763f17167633740d9f2b214d9f0f4193c
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-controller@sha256:10a6c8e3d90c89e605e5ffbf1076d671e1f3724855110971e4f974e4a392c611
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-controller@sha256:bfa54aa026e0232572d00176e2909cc27c5d7e7d6d6bc26558fcf1e144da5939
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-controller@sha256:ef905e9728270d8a4ad8e3ecf07274e017fced98a2f4cca8432cef14f81daf72
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-controller@sha256:4df4c738576c47b9d2d9ee1dc3f0d94e2ddf8ac54d3819b41d2b6873d1be5646
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-controller@sha256:f73b75ba3dcd57c02e885c0aa94957a8647d2be1dfbae1d168f20811aa14b75f
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-controller@sha256:56bb03c670ef19fb98c15e4d5d771779b6424cb133e02594e8b1beee95a94ffb
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-controller@sha256:2f4f5abea15c6e79665b5739f9975b6d82b8bcf2d7e84a1d08b2dbfbe71f423c
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-controller@sha256:e0376d1b910d8c2d40e1762daeefcd727eaea61dcfae6a3831edb41aeb238401
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-controller@sha256:0e71e3f1242f2c7082f24636367be19a42bcf09b7e973550b11e27f94e1bd4d2
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-controller@sha256:0f2cf1d9c313fe8e076fd500b20da5ca2c050f170223928a3e7712e064ee3f07