dhi.io/rabbitmq
4-debian-dev, 4-debian13-dev, 4-dev, 4.3-debian-dev, 4.3-debian13-dev, 4.3-dev, 4.3.2-debian-dev, 4.3.2-debian13-dev, 4.3.2-dev
sha256:229562b216188725254dc56a92f55a65112cb5a87ccde0ee3a366a967c957741
Manifest digest:sha256:0e2ea12d910819b9e1e485d4b3b4cbe6334ce8332f7d4a4459e469d8ebd81899
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4-debian-dev2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4-debian-dev --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:1e628206ed6aef350d9721283a93a807b102a587f59b377d417b295a65edd7b8 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:dd9a9c955c8010629c00a083e860374d0a04ceb1d2ff6a7bc53fa7dec8afad95 |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:d5817fa2c4a3974a0311539cd6116b79dbfcde8ca4d9b248d5879f7e00c42868 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:466840f23644c6ac2f5b5f6a523b3e9608c6a0317980d9bd0e7c9368ee3ad5d6 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:dd7a09e68c6a8b098682622bcf23cd90a4957e20aa350e787240db9401c542f5 |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:21cfe51b9f6e5114221e22c3318a789ad902c95ae7d8c6f348d681bb28fe8fb0 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:6ed876385d97f70c7f34865013d9d1474fb8eed9b2484e28156aab1f2515f081 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:ca9e1a4370b06914e272a574ac908ca48decd7424e71478f53b6b4ce5f5db5d3 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:ef13f14672ca089e942a702c397f89237545f35c3905278e713cbd28a1893334 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:f9b4507b5e6b91d6a635b1c033aa59bab9a8ed7230e3de65d9c115b15c85a3b2 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:9814c3729f934f8e7133faa220ebef4c6d96623c8720ed164aa27c97fdf31687 |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:68ef5be27bcf2b6b652e854eec371c2552a8e13fcda42f03be8be6745bcda2a3 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:20ca4d9dc0de9eb416f6635e35696c94cb60db51299425eb11ee6dabb053640a |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:1b34265477d86d0e7d6e3bd7984785cc14cba06f7ab5de4999b53aab1d918f47 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:a55ace5d01e2ccc7df342807629f507730cd18fcde37e7796a7fee015c11ab12 |