dhi.io/opensearch
3-debian-fips, 3-debian13-fips, 3-fips, 3.7-debian-fips, 3.7-debian13-fips, 3.7-fips, 3.7.0-debian-fips, 3.7.0-debian13-fips, 3.7.0-fips
sha256:430578a97edde6d8dfe7fa2c9269c64953983ecf985e6cc234fbf35035f0e9ad
Manifest digest:sha256:52f0f0dd3fea5dd5d9c369912e8649cd9f3e16a78b6a318f314478bce543d98f
Size
925.97 MB
Last pushed
14 hours ago
Vulnerabilities
Support
Active
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/opensearch:3-debian-fips2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/opensearch:3-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/opensearch@sha256:cad85182983277a137260942002f3d0d04e81a264f38237758ffab11b888ccce |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/opensearch@sha256:c9090d7959e5b165b4738377b4f5da20ab981ff2a338d28f13f512197b6fdf0c |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/opensearch@sha256:86ad27adf0f4ded46fd506197bffbe5ad5407ee314e65067b11cada31ae5b139 |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/opensearch@sha256:3ffe5c844af5b96434c2799f5ae27b51b14c0be5866bfa28a81f0e350d2438bb |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/opensearch@sha256:c6c9676150ca276783061d6a69ed254c3259ffe2d0a7bda15c064fbce91e4cce |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/opensearch@sha256:42efdf1de59f3190aecd1b0ef8b873e4e832daf59d036bbd70cec08e8b64e655 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/opensearch@sha256:1a71b33d7f46bb6bfeb8723839a3031cd4bdba3d8024b3a738b93fc7234e31ca |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/opensearch@sha256:aaec47af0f2438e4e1679cd20455038561e9389de21d87a7449bc7e0ff689624 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/opensearch@sha256:cff3b84812dbc1d8470fe2b0c7b936f1549a1c68b57a770ff62b6e13f260a08e |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/opensearch@sha256:f3bb4b6bab23c82ab30f2b8dce2e476569f599a9d8a5ff9ddca796ca2812c192 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/opensearch@sha256:8d7d32c056d8906bc447748e6118817b5135cfb0b71988fc49e5d4cca48c0996 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/opensearch@sha256:d4f68cf7bd4a9016bb570817f730a36e9aa163def231c0f107e49e59c982fb86 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/opensearch@sha256:9623b3d23b7ba7c7e01f8e64e3c7250554eca28a67554fa236a067f2a5424764 |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/opensearch@sha256:2a783a17c0b478edc982ad89c5af9d5d220685863e843813d4f2d5a04a400213 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/opensearch@sha256:0fe268afceb29a88837b04d4ba92ee43443766f8694bc513fc39ea588fcdf375 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/opensearch@sha256:84355e30d2c36ead685ff06661723e9ef3d364c3ecedc2b3306d4b5c445569a0 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/opensearch@sha256:466e9aea6b51575ee9b4a34509b4eb8573eeb66fdaf34906693b43b2f03a21f8 |