dhi.io/rabbitmq
4.2-debian-fips, 4.2-debian13-fips, 4.2-fips, 4.2.8-debian-fips, 4.2.8-debian13-fips, 4.2.8-fips
sha256:6f01aacd554c53e719a40fbccaf160cd1f7c59700449f37e6a3d844eff3f129e
Manifest digest:sha256:d84096a6e720603a4c4c010e71b32d09540d1386d7a235b518cab6262acdb880
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4.2-debian-fips2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4.2-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:03ae7846120774b8a775a220e084336898eadfcac29e5c79b735aff7bb4a3ecc |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:95ad5a60f137571bd00e2e79814187c8a79dbd5e1fbdeceae81690fd5a4bfcce |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/rabbitmq@sha256:a2704ddcd8341096399fc5b97f91ba187a19864e73bc87de2b41479101b0d7bc |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:3b1ed7fd9ff4353b54c7864ba9f7874efd5a4b3d32132a61817489c40f4f0e6b |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/rabbitmq@sha256:6f3d1327c69994eb082bdf12b48b9a54bee2b78aef3ff55be62aadb2ef09c8c3 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:384a8b31cb490b719ef7a5344409899a87f50365d8306bee5d47eb1b834e9c9e |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:600b98a1a8454f5d0a7f8380b1c6e7dfee5a828d7fb3e886407e6c7158cf5e5f |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:67f3ab8f20f29eec14145f0fcf767d2d49e7d852079d01b9b2d4874af46331c2 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:b9e30823aeba338f97193be45ae90858e01d8d65e877090b59cc4fe80123b43d |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:8d2585a51346e8b3796657ae02ad25c3c941f237ef103db3a547dda4122d4bd6 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:9a3fde3a5f50921f1f2fe0228f8b6d146a5e37ee695dc8cc8b5023e8e4646cb0 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:7dd3bad6ab498bf3be46ceefc6bf50d4aad02634e695712f6c9ed0af315b5c39 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:a72e2050407d0255bc2ae92266becd1b6958eeb6c14aa62423bd1225398941e4 |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:94079d8682eeedbdc40ec4273bf86df385111049d8954555ae97670bb95283f6 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:a7f7fbf0147aa0b831cca0171145c6707cefd45330a04901712e44d48be035c7 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:72327936c3944e64a9aac39bbc4ddb4b14b3007a3e8367fab57f5707b6f7bf6a |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:cb849a472691c8e5e44fbfdfce9827e82846b553591a5a4649e727a6abb57dca |