Source Watcher

dhi.io/fluxcd-source-watcher

fluxcd source watcher 2.x

CIS
linux/amd64
debian 13
Tags:

2, 2-debian, 2-debian13, 2.2, 2.2-debian, 2.2-debian13, 2.2.2, 2.2.2-debian, 2.2.2-debian13

Index digest:

sha256:042ad973474691e9424c1e150b4baf49c4369f8aeca4c2daff9c6b55a2bf0c2d

Manifest digest:

sha256:5c39003c116f407a720a9908c4be485cf973d718f728989adbd883b232ea7375

Size

13.56 MB

Last pushed

14 hours ago

Vulnerabilities

0
0
0
0
0

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/fluxcd-source-watcher:2

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/fluxcd-source-watcher:2 --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/fluxcd-source-watcher@sha256:c01c7c50f3c1596b4f571abc8a7aa49ce1c1f24b0ea195d66b7248f29e8da46c
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/fluxcd-source-watcher@sha256:87feea8cd63e1bdd107de961523609e832f93acf895d49a01255c31a7b957160
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/fluxcd-source-watcher@sha256:a268cc64e86fd06840fee9b55a8b2702b2b26be0df130b2d86de3bbb928519cc
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/fluxcd-source-watcher@sha256:189c592238af268a91d68c3341faf1e427d67780bab4f32e7ef098c9f9b29c39
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/fluxcd-source-watcher@sha256:e8564c4c349fbd400f2b86eb63d87533e89d87dd28e20f7e8786d9934a5049fa
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/fluxcd-source-watcher@sha256:6a79c893a3d02c8f80ca5ff6b7133caa8fdc4191b76e045bd7158ffd812a5419
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/fluxcd-source-watcher@sha256:5ef6b2b83fb5cb71f66818788efed8a1ac5ae87ccafd2ab990802d7e8fa305c3
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/fluxcd-source-watcher@sha256:86d129f6639df3bcebb10d6a923f24caa1a276cee4593a3b5dd41b0d2e3368f7
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/fluxcd-source-watcher@sha256:80144b372a46402aaed3ad75cd186483c590a113d549eb059737eea4010a2df7
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/fluxcd-source-watcher@sha256:f8f865727faa8be25c9d97909a1132ccd246edae32ee4c37a81e187e3604e07f
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/fluxcd-source-watcher@sha256:cb032b0cae0588360ab394b8b3312a231eb7121ebb0d00e330886d22b1881e9f
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/fluxcd-source-watcher@sha256:e2106a6965d758083255057046f141b16f91bdb06c376fc316d57a020634cc5f
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/fluxcd-source-watcher@sha256:2389e9c6f0602722488536b5f5fe1b563b61baf18d14a7b4ad16b31ba8489821
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/fluxcd-source-watcher@sha256:989482683cc9d406476ee764a28c5365af605dce600f1b801a301e9033fe75a1
SPDX SBOMhttps://spdx.dev/Documentdhi.io/fluxcd-source-watcher@sha256:f9ad420897bf292821e740f04283730f0f0d5db1c646db9b2d7264dcf3f5dd66