Attestations
dhi.io/rabbitmq
4.2, 4.2-debian, 4.2-debian13, 4.2.8, 4.2.8-debian, 4.2.8-debian13
sha256:1c01198172f1fd1a7cabf4f95b1e4e31d6784a2d26e84ead662511b3aa620cec
Manifest digest:sha256:29007039349be8130e2e3d1e26a6e994ad8582e858a188417e7901adedffd7a7
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4.22. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4.2 --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:d92dc704e46ba309f804a2043170029ea7df3ff8be1f11d7ae5706f3eb73aa21 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:fef82e4fba57d403380b633aebe32f4760dbaa2b96c1545d9c362f3f665582a7 |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:9d96307d11c2450adc8e6ff58887bb2725a13a9798dac897b5e03295937e4363 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:1476a19dd4bd23a99321a93318f4078fdaeb0ea38307a7801b13b37e1a4696ee |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:5740a8bafaab7e9dc586d5cd53e91d26e27543b79af0b915b765c6d3f4a66fa0 |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:f438bf2eabd71813b638601676ade3c01fec0808c63c5c226f1a92daf5a82ebb |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:17962d78dab2587c9bc8234f6e28c085356397804da3264fb508ca1414ac906f |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:e3b9cbce43b1680f7898c63cf69573b02d6024c7bfd891f91f4f7b3b74bb823a |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:609c00ecaaaa4fce1c80b1ffb2e527b5b12908e2bcf204b0cc126895796de436 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:7ba0f7058a7f14ead028f260d786ec3b0be655aef59c87107b9f3001698594b2 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:940486c7361c2b5fdadda61da0ce01095f1c59140d53e4840d57ea11cb42653c |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:8a480f82717f51c4ad8f3198a58f523dba32ce4354db6735e85de2142ad46d9d |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:19dfea235367e75fc11c5eb171b6f33a4531c8c1c47561ad549bf1592c08c47e |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:822133ff8d176dc6494ff33927729c70c41ba6f00bcaf675d45a4a42c11baeff |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:443509ddf5fb16e43b60e867277dd78ad13a39da1dbc860e0087320ff471ccef |