Source Watcher

dhi.io/fluxcd-source-watcher

fluxcd source watcher 2.x (fips, dev)

CIS
FIPS
STIG
linux/amd64
debian 13
Tags:

2-debian-fips-dev, 2-debian13-fips-dev, 2-fips-dev, 2.2-debian-fips-dev, 2.2-debian13-fips-dev, 2.2-fips-dev, 2.2.2-debian-fips-dev, 2.2.2-debian13-fips-dev, 2.2.2-fips-dev

Index digest:

sha256:c4e24990b951f33c329b83a9986b936cadf22ca13049ae1e7f977dae76c8a1ae

Manifest digest:

sha256:66e8e22a80b349bb31cd489548c22a9f64b72423e09d04d99d07ce0057c3dfc4

Size

49.47 MB

Last pushed

2 hours ago

Vulnerabilities

0
0
1
1
0

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-watcher:2-debian-fips-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-watcher:2-debian-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-watcher@sha256:12b21de29c3a149c8a91f6f478b9b40652cac5b5b839799cefb0cd0a2fdf494b
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-watcher@sha256:0757818940737af52159e67aaca247a1945ea4fb4097e590a3588a00b93833de
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/fluxcd-source-watcher@sha256:e77a497e3bddd21dc14635b001f03c99938c04fa8ee552615d89618034023705
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-watcher@sha256:500df904a7b7e81c9cd8d1a044095145af5c67b72988650b29c5169ec0210e18
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/fluxcd-source-watcher@sha256:22642adedbf4f66bb498989e11541c7aaa66a98f9c1a99c96fb2c8ba9a41aafb
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-watcher@sha256:b1930b39584dfee4f1f1ad6b4a1199e64b70309819677c786c1d26b02f91e48a
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-watcher@sha256:fb10f706d648457c674b94b0dc59c6055eb94ea2c95af7a9e9c858ac083567bd
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-watcher@sha256:fc3b8a874f02ad8de9326cae0cdad26d3439a5d1a1d78680457da2e187a99ca8
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-watcher@sha256:4c8e1584b2286e2db672321c3b3ddac7f919d596d96dd012d0acec262cd66ae3
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-watcher@sha256:5baf832e5194f27de33fabed67b897b3605efa3c65f43015b82938235ad0d331
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-watcher@sha256:28dcb448aa7516ca5258e0a5614592145048988a153bd8957abea4aa0dfd197b
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-watcher@sha256:0feb07583c1a3d3e9d5d900a26989c9a58c5162352deb6b6acae7a6949b1f44a
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-watcher@sha256:c05f5dfb188c4bbc2bcebc1cee957361acd2a9cf4bf09345ec969144a4e0e7f2
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-watcher@sha256:2f832bd37b3c5d2090ee35fcb82fe32bd565ce42f45597b309d9aa0093d34973
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-watcher@sha256:e91c645dbb585d15614575bf24617233f5271eb1f45ae79ce68a89cbe636103e
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-watcher@sha256:48d2d1b0e75c0ac5dea32d4d64cffd1bf281ffd04619729dd60776e388421829
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-watcher@sha256:8482ab5ed5fd4fcf6f7f50009cc3a65ed7176379efe7186ab7b1b654756f7f2d