OpenSearch

dhi.io/opensearch

OpenSearch 3.x

CIS
linux/amd64
debian 13
Tags:

3, 3-debian, 3-debian13, 3.7, 3.7-debian, 3.7-debian13, 3.7.0, 3.7.0-debian, 3.7.0-debian13

Index digest:

sha256:9738455486011f454604e7089c0cb57489db802ddc54467c7f8d3472de9a085d

Manifest digest:

sha256:3de1f6de9cfef75c801c47ecf6219077742dec5fbb2b285212452bf8aac5ba03

Size

911.30 MB

Last pushed

10 hours ago

Vulnerabilities

0
0
2
1
0

Support

Active

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/opensearch:3

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/opensearch:3 --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/opensearch@sha256:1a8a02f1aaba583fe76e55f3b97bbbf1400dc6a51a74a6027eabd8611e7dd899
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/opensearch@sha256:674f0ccb93ce682413818f330a1871db3e8e1362ea0cba0625d02db59cc700fb
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/opensearch@sha256:1206af67ce169cb9fc47e36507789795a02053b4eb3ccb153ff5e9ed47814934
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/opensearch@sha256:aa32f1185ff2960f4d98cb97f58cf84bb638760e1548ec4688caed5ada1c1e0b
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/opensearch@sha256:c27922798a00c11c81cf9429a30b7ecd1958325fc47842aac292997ee6534d19
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/opensearch@sha256:5b278335161c8f76fa6bddee2092d3b34f2a96c3cac15bf1bf6696ab9578a980
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/opensearch@sha256:dca1015df03900f6e8d1921cc3a1b170298aed05e2207915e0de50668298369e
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/opensearch@sha256:b798cbb6c19b7501f31c62811d41707d2bbb1268652f4ed7dce1a1b01cb7bd5e
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/opensearch@sha256:2548d7d56015fd7ceb4e238b998c869d0d566dc69c9e9fc25067dc8798fbadbd
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/opensearch@sha256:85d846378a6b9ebdf45166c8f84de5f0ad0e123e49e9965b98c8521020f5a956
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/opensearch@sha256:2f85acc056fb55f851b80587a8e4cbe2b81b0b1139f29cd207d7b8fc237c9ab6
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/opensearch@sha256:642ac40464d4d503d6f06f982d5e3051ab046bcb87289f361c38325b76400167
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/opensearch@sha256:e2864b8b612f9c2cdeaca049c540d4bce1e561b46f349d7eec16a3f123c49831
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/opensearch@sha256:ede7a8ff32f8942d4389222fed46fa6c4c2d93bd698d497b8721a2285dccbd58
SPDX SBOMhttps://spdx.dev/Documentdhi.io/opensearch@sha256:6f85c64df7551bba3fec74554edd04e8b10714c1db6cfe1c21dc637bfd0b039e