Source Controller

dhi.io/fluxcd-source-controller

fluxcd source controller 1.9.x

CIS
linux/amd64
debian 13
Tags:

1, 1-debian, 1-debian13, 1.9, 1.9-debian, 1.9-debian13, 1.9.3, 1.9.3-debian, 1.9.3-debian13

Index digest:

sha256:9492d65824cbb5401149e26a6afa866f94904725eebaa0109cda7030ea2b4588

Manifest digest:

sha256:e40e3edf09a4bd18664c39e7e8bf05a8a3da51449008a86675eca660368ab1c6

Size

27.73 MB

Last pushed

3 days ago

Vulnerabilities

0
0
0
0
1

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-controller:1

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-controller:1 --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-controller@sha256:83682c07c9cc5e8284306f332606d8ec0dc7019b3e6a443c640e6bbdd85d6a11
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-controller@sha256:9b9e7c43952f6b274d0286213bd16c33d5caa315174aa17525816e3bccaf8362
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-controller@sha256:7cf304d4ce17e372130d7ab86cab27795ef60cac4b2f8c88a27087046cf059b9
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-controller@sha256:39ece9441d0d40567b140c22ff99eea2825cc814c59a741841ed7c3eea8da5ce
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-controller@sha256:dc2d8a36452635e567eba40b322373135dcc28c72ba558aa5eaaae1c458645e7
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-controller@sha256:ae1d6b367e3bcaa5669899bc9150ee5f8869084f0694f3e502afe542458d0741
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-controller@sha256:66749da2f8d353f239a3ffae21289bf15c2f7361ad313d8f086b8e8ebe7f44bc
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-controller@sha256:035995d80bd697bf691e0c390648ed83f65406620cbc83ef6ae36568d9a5067a
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-controller@sha256:52753ce1cb77eb524b826f4bc93761863860fe51faf885b413dc06facb6d4a52
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-controller@sha256:c62d4e5df7fe7ebddd1d6acc2810bb441ed781ecc3fc2cb8a47af8179c65c9a4
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-controller@sha256:b53a47bac9cace83484e87ad86dd162d21c42612ff626aed4d10ff35eafedf14
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-controller@sha256:7cb6bf8a673e1e7c6284efb3a91149933d38cd407df676cc58ee946b009ee33a
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-controller@sha256:483acea56db3966c441110ae1385c90d6a3cb1bb37bfe230aacbddbcd6fb1863
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-controller@sha256:c9b076943618f2dd3354c30caf640fd234045acf52eb3b2dcc6339c416edf494
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-controller@sha256:0479450bba4a674613b3607e2aef20c4e84bca39caa49b906ae162dbf15b16f4