Source Watcher

dhi.io/fluxcd-source-watcher

fluxcd source watcher 2.x (dev)

CIS
linux/amd64
debian 13
Tags:

2-debian-dev, 2-debian13-dev, 2-dev, 2.2-debian-dev, 2.2-debian13-dev, 2.2-dev, 2.2.2-debian-dev, 2.2.2-debian13-dev, 2.2.2-dev

Index digest:

sha256:d6d203cc457a38997c64b2a28360e8097e5074ee13fdbc20c26e5b265e8b6fc4

Manifest digest:

sha256:59c6ea1c2ad9756828064a3b862af837681ea3bceb14b2d936333ed1d187008d

Size

48.71 MB

Last pushed

3 hours ago

Vulnerabilities

0
0
1
1
0

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-watcher:2-debian-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-watcher:2-debian-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-watcher@sha256:77d32ef39c5eaab31668e323b2fe151e4053e8251312e8448c44a30d62ea0464
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-watcher@sha256:7bf8f78c074ad70bf42b19f391719b30dd30897b19a2fcec1e8974ccc30f9b1e
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-watcher@sha256:b64f76daa64b79740b6664cc6bb92a0fa6b94babddd97bd9fc22dd6b8f519d8a
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-watcher@sha256:85828797601a3a0a9a7507ae4a39ce6154d0502fd81afc4dc5a36d7ff5ca220a
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-watcher@sha256:dd922b59692d0e8c07838652c52712d7574e78a0e6a31bf38cf86d6935ae8ade
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-watcher@sha256:5658bc1d3d0be0a9c2d2860d4755f7bf344e0f33d21d00d1f604f9a2384bc9b3
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-watcher@sha256:9a9f3fdb483cbaef8adda3361dcf60c4ec1f3579b77710df8e21e8e35fd4083c
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-watcher@sha256:01925d936b81412a406847f2f1e495ccc9efc08e50dc6ae9582a1aad4469e8e6
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-watcher@sha256:9def4155e7a5b9eeb48779165ebcf75961aa7609b8b821b3dd1e0e8ea461efb3
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-watcher@sha256:743cb7c0be5e764d4f67dd9161bfb47d07e1c3450aace894f01ad0256698443b
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-watcher@sha256:9dcfc7c2b02bdb07a6851b1cb649f583b0debe8381aff5cca4ec199ec4a625f2
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-watcher@sha256:c7cfe399ef7bcc22c4d5545b34825be10ee95eda527fea9011afa7face1daf41
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-watcher@sha256:75e3b69196581b728662ed20e938f44d35da02cdff17e744c3d03dee3a3771b8
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-watcher@sha256:afcd281ad1ccb88ace3bd359163357cf211aa1b731e36f15aaee97416cdffd3d
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-watcher@sha256:00019630031d6ff2562256368a770b6ecc96cbd14b7cd1db8340eb4c7c1a18ec