OpenSearch

dhi.io/opensearch

OpenSearch 3.x (fips)

CIS
FIPS
STIG
linux/amd64
debian 13
Tags:

3-debian-fips, 3-debian13-fips, 3-fips, 3.7-debian-fips, 3.7-debian13-fips, 3.7-fips, 3.7.0-debian-fips, 3.7.0-debian13-fips, 3.7.0-fips

Index digest:

sha256:230dc2c740c1962c0826b6dc15e031839ffbd1345a7ec4cd17101d8cb2a7f79f

Manifest digest:

sha256:43dfca6da19df8ae723a27accc86e7ce5f020a3958f792c6d641049045c1a261

Size

925.97 MB

Last pushed

9 hours ago

Vulnerabilities

0
0
2
1
4

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/opensearch:3-debian-fips

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/opensearch:3-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/opensearch@sha256:b17f1023c93b22b02e48d7870903307954e7e3053580468d652975d3754f984d
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/opensearch@sha256:cf525a8f09692c88cda73fa87ec788f853eca75da2ec9bf09390c8cf5ed48580
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/opensearch@sha256:c57b2b0a20655d60b64f422e8446ac5e281a0e2fd5f2455aa9e50dc177f0ca7b
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/opensearch@sha256:03d8c6f0e03aecd353c67d7ddccef9c61912e2d10d26a9bc30056e72a310189f
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/opensearch@sha256:4932904bbc256b1b624884a01f278d34eb280d58d4127ea69572132b444d913a
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/opensearch@sha256:fe8f725e38435961b59636fd419497ebcbfbf37504d4ff62f2ec521c30550606
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/opensearch@sha256:49894d4dce0ccdcc4b7b55bb0197a5798a13df038348fa36c035d24a7f53fa07
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/opensearch@sha256:1df9d3c8e008b1615aabb3acf2aca48399bf421c41e6abdc314b01babeab033a
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/opensearch@sha256:cdf268de9ea4315a3148554112d937166353d9f626d7882b015f76d471419493
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/opensearch@sha256:90ce4ff37f6e94337fe78b40a51aaf4212610499810dffb3a81e2c829b43bde5
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/opensearch@sha256:6307d07e20a702214c480bdbf7bed213a90bc2df1046110290d6e8c4deffa84f
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/opensearch@sha256:4605b0ea74f95493c1d80660a75698b212f89a77bd5ebe35db26438861b78ca1
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/opensearch@sha256:bf845a724feb756311688657b5d8a04f7183c3ee81add09c9deecdac8431dc9a
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/opensearch@sha256:62f0a7146ab1e19e8b786ae23e22930777a4e85d9854526b90c9f8783088359b
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/opensearch@sha256:6d48908e011d1863d3cf8529b89e20061c0dbae8074ccae0beacc3c47ac723c6
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/opensearch@sha256:0d610ba59a2a00e0e4893b787cdeeedbed7725394d0e4ad3b03af169e2ae8384
SPDX SBOMhttps://spdx.dev/Documentdhi.io/opensearch@sha256:b2a8be74159378187811089d5c86355935d88f72c7d1bbcef17acf60919343f0