OpenSearch

dhi.io/opensearch

OpenSearch 3.x (fips)

CIS
FIPS
STIG
linux/amd64
debian 13
Tags:

3-debian-fips, 3-debian13-fips, 3-fips, 3.7-debian-fips, 3.7-debian13-fips, 3.7-fips, 3.7.0-debian-fips, 3.7.0-debian13-fips, 3.7.0-fips

Index digest:

sha256:430578a97edde6d8dfe7fa2c9269c64953983ecf985e6cc234fbf35035f0e9ad

Manifest digest:

sha256:52f0f0dd3fea5dd5d9c369912e8649cd9f3e16a78b6a318f314478bce543d98f

Size

925.97 MB

Last pushed

14 hours ago

Vulnerabilities

0
0
2
1
4

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/opensearch:3-debian-fips

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/opensearch:3-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/opensearch@sha256:cad85182983277a137260942002f3d0d04e81a264f38237758ffab11b888ccce
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/opensearch@sha256:c9090d7959e5b165b4738377b4f5da20ab981ff2a338d28f13f512197b6fdf0c
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/opensearch@sha256:86ad27adf0f4ded46fd506197bffbe5ad5407ee314e65067b11cada31ae5b139
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/opensearch@sha256:3ffe5c844af5b96434c2799f5ae27b51b14c0be5866bfa28a81f0e350d2438bb
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/opensearch@sha256:c6c9676150ca276783061d6a69ed254c3259ffe2d0a7bda15c064fbce91e4cce
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/opensearch@sha256:42efdf1de59f3190aecd1b0ef8b873e4e832daf59d036bbd70cec08e8b64e655
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/opensearch@sha256:1a71b33d7f46bb6bfeb8723839a3031cd4bdba3d8024b3a738b93fc7234e31ca
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/opensearch@sha256:aaec47af0f2438e4e1679cd20455038561e9389de21d87a7449bc7e0ff689624
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/opensearch@sha256:cff3b84812dbc1d8470fe2b0c7b936f1549a1c68b57a770ff62b6e13f260a08e
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/opensearch@sha256:f3bb4b6bab23c82ab30f2b8dce2e476569f599a9d8a5ff9ddca796ca2812c192
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/opensearch@sha256:8d7d32c056d8906bc447748e6118817b5135cfb0b71988fc49e5d4cca48c0996
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/opensearch@sha256:d4f68cf7bd4a9016bb570817f730a36e9aa163def231c0f107e49e59c982fb86
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/opensearch@sha256:9623b3d23b7ba7c7e01f8e64e3c7250554eca28a67554fa236a067f2a5424764
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/opensearch@sha256:2a783a17c0b478edc982ad89c5af9d5d220685863e843813d4f2d5a04a400213
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/opensearch@sha256:0fe268afceb29a88837b04d4ba92ee43443766f8694bc513fc39ea588fcdf375
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/opensearch@sha256:84355e30d2c36ead685ff06661723e9ef3d364c3ecedc2b3306d4b5c445569a0
SPDX SBOMhttps://spdx.dev/Documentdhi.io/opensearch@sha256:466e9aea6b51575ee9b4a34509b4eb8573eeb66fdaf34906693b43b2f03a21f8