dhi.io/rabbitmq
4-debian-fips-dev, 4-debian13-fips-dev, 4-fips-dev, 4.3-debian-fips-dev, 4.3-debian13-fips-dev, 4.3-fips-dev, 4.3.2-debian-fips-dev, 4.3.2-debian13-fips-dev, 4.3.2-fips-dev
sha256:40ac1ad434808ca8fbfff96774ee26756633bc737cc2f4bb8a1c4a5ae9c329de
Manifest digest:sha256:27127945a9df0df80fea932bdca474cd917556741880b72bc7f6d1ecf94bd2ac
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4-debian-fips-dev2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4-debian-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:fa8d7f06f61d33ef2ee9c71f952eace37b63e4184b3e3dfed64faf5f747a5cb5 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:d923e91219899b227e909340074032903002c18042c9faecfc77af82bca7ce9f |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/rabbitmq@sha256:992007e1a88ce6861dd4a01ccdc4f863b6da25d34940197554ccb369e13579fc |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:ec149c702268b7e7b10eb2a0ea3d5df15aa0fd9353d0aae882a856e1d112a4f8 |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/rabbitmq@sha256:b88f0ea2949258fd7cb98413b59d15a01dc2d1a3b696172b44efb115dd482646 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:dc6ea1bbc0e720df89014a61d21d11d1144b9d92a942efa599d37d1b7933b7d4 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:41ed870bc6814916a440773d662d288b3300f079340eb3299efe3847a6139a04 |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:5f401a827070fd96aa99213421f4ce744912ae72b9186b6f448ad7f1942ced6c |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:1751303fd435be906bf669690b48528fc4f33a10aa66a5a7f7b0d6665df7c6dc |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:53d303d05c6529ed566879de0801f4b10123289cbfd9f138bc684ff94a76224a |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:a8fbd25837e3390b9a23b4eb6f9b584b54c02a68f387defd6174ec069bc9d3b2 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:279d573ec5c0103a39b8cbbb565c26f06a1ba0a79010a1a5a0b50f7c7530dc03 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:875d24861c516271c3dcef503b8644d0c9492297173c6e1dcd4344bfcb7057bf |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:b91bf05a29953545aadc01e03eb32b94c3869de26b563f7b62fc14a710713101 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:6329e48f71374fd986ef4733b2fbb7e507e0492ebcf8032106caa23db9a9cb33 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:31c2c0c58f1ca71950bd1f1fc683029b61e2c78bf2859f4d8813f3b48898ab80 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:0ce55f153c4147a138ba4316e3e990d3e07da1270ea774521387feec5cabb520 |