dhi.io/rabbitmq
4.2-debian-fips-dev, 4.2-debian13-fips-dev, 4.2-fips-dev, 4.2.8-debian-fips-dev, 4.2.8-debian13-fips-dev, 4.2.8-fips-dev
sha256:00aac8fdd3d606e391313e789a9865652e613cb1f0b62f9df268bf78caac7a22
Manifest digest:sha256:4ac7cf0684baf23b1349f02a37cf8751f41310d629fa8b2124ae9ac394a62e38
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4.2-debian-fips-dev2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4.2-debian-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:b38a70b25f2e1b62a41f32b153c6bda2e40dee980122d4705bf69f422e76e031 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:6cae2b639c3e4e28b37c7a81688d609dffe0c5a2d3f8c5f682e355b6945cc2e1 |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/rabbitmq@sha256:a4aedefe22e1d357d2250e7f093a33c96951f23b2d4bbf6ce183a741e19cc78e |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:6c6da1fdb90a42fec3ac9db958f3b9923f1a25436fb2ff61fd9c5b5ced6efde0 |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/rabbitmq@sha256:ad2b819dcf0ddbfc2782ef7e84b4b46401a667aceab504c82741642dad3cdd3e |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:14cedaf69ee8b557e0f82ed0b5920a6155a285064ed2fd93f70e761e175fc4b5 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:3c5fe52c552e5f7ede48d890410437eca596987ca15f149ff877153585e7f7d9 |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:96827774220038f0ff39c7ddc1f76c5c8838fa1c5778f2090352aff69e15a711 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:005c85b13df20802265d0656a54b4cedd0cbe0eef4555b7ff7b3819222e17584 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:2b442fb485fa7389465865ee49384859a765520a0550a41c656acbf9a7147462 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:c53ddc1588bcc39ec1e16c2933dd654797f558c527f111dfbd6aefc97608420b |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:a518c153b8f7dad51838a848966b5aca706eabc03fcfc4b7a023f2188d42d12e |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:cf8822f3264a0947cefaca8f1f994b94bbf251230f6897235fe779fe3aa0b7fb |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:37dbfdab3173b4741dc5cd0c08464df620cd949c7039ecbe9d25ee1f9b8b60f1 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:82bf73d2a34de5734f559bd8c420c05e597cea1106fdf2c3d06b97b57c289d4f |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:52a627bff41f1dc098be9e49e0b90b45d3efc98a6a8fa2afad93eadbeab70bf6 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:26c98eb97a3c40a06286d35a33098efac4e432ad666df32a59276d013764ac93 |