dhi.io/fluxcd-source-watcher
2-debian-dev, 2-debian13-dev, 2-dev, 2.2-debian-dev, 2.2-debian13-dev, 2.2-dev, 2.2.2-debian-dev, 2.2.2-debian13-dev, 2.2.2-dev
sha256:d6d203cc457a38997c64b2a28360e8097e5074ee13fdbc20c26e5b265e8b6fc4
Manifest digest:sha256:59c6ea1c2ad9756828064a3b862af837681ea3bceb14b2d936333ed1d187008d
Size
48.71 MB
Last pushed
3 hours ago
Vulnerabilities
Support
Active
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/fluxcd-source-watcher:2-debian-dev2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/fluxcd-source-watcher:2-debian-dev --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/fluxcd-source-watcher@sha256:77d32ef39c5eaab31668e323b2fe151e4053e8251312e8448c44a30d62ea0464 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/fluxcd-source-watcher@sha256:7bf8f78c074ad70bf42b19f391719b30dd30897b19a2fcec1e8974ccc30f9b1e |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/fluxcd-source-watcher@sha256:b64f76daa64b79740b6664cc6bb92a0fa6b94babddd97bd9fc22dd6b8f519d8a |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/fluxcd-source-watcher@sha256:85828797601a3a0a9a7507ae4a39ce6154d0502fd81afc4dc5a36d7ff5ca220a |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/fluxcd-source-watcher@sha256:dd922b59692d0e8c07838652c52712d7574e78a0e6a31bf38cf86d6935ae8ade |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/fluxcd-source-watcher@sha256:5658bc1d3d0be0a9c2d2860d4755f7bf344e0f33d21d00d1f604f9a2384bc9b3 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/fluxcd-source-watcher@sha256:9a9f3fdb483cbaef8adda3361dcf60c4ec1f3579b77710df8e21e8e35fd4083c |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/fluxcd-source-watcher@sha256:01925d936b81412a406847f2f1e495ccc9efc08e50dc6ae9582a1aad4469e8e6 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/fluxcd-source-watcher@sha256:9def4155e7a5b9eeb48779165ebcf75961aa7609b8b821b3dd1e0e8ea461efb3 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/fluxcd-source-watcher@sha256:743cb7c0be5e764d4f67dd9161bfb47d07e1c3450aace894f01ad0256698443b |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/fluxcd-source-watcher@sha256:9dcfc7c2b02bdb07a6851b1cb649f583b0debe8381aff5cca4ec199ec4a625f2 |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/fluxcd-source-watcher@sha256:c7cfe399ef7bcc22c4d5545b34825be10ee95eda527fea9011afa7face1daf41 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/fluxcd-source-watcher@sha256:75e3b69196581b728662ed20e938f44d35da02cdff17e744c3d03dee3a3771b8 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/fluxcd-source-watcher@sha256:afcd281ad1ccb88ace3bd359163357cf211aa1b731e36f15aaee97416cdffd3d |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/fluxcd-source-watcher@sha256:00019630031d6ff2562256368a770b6ecc96cbd14b7cd1db8340eb4c7c1a18ec |