dhi.io/rabbitmq
4-debian-fips-dev, 4-debian13-fips-dev, 4-fips-dev, 4.3-debian-fips-dev, 4.3-debian13-fips-dev, 4.3-fips-dev, 4.3.2-debian-fips-dev, 4.3.2-debian13-fips-dev, 4.3.2-fips-dev
sha256:4c46fe59bdd1227d943039451c452e39eb5467f6b01be563fcbb0ab6934b5574
Manifest digest:sha256:72f034b7c0564f1a58f560e5f8f3ffca9c513091b6288c2f4ecccc3f27704ece
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4-debian-fips-dev2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4-debian-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:7be1a084e7373f3235e8c24b7b0bea9361650a85e0a97a05a4a57a981677c6cc |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:786c073f19b696af6d5207adbdce1df196c376efd71e88c46c68589f943418b8 |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/rabbitmq@sha256:7305339b7cb8197581c728b92806e22a5119c9b524de42a2680871073561b6ec |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:f2f3f3df645fcdf3bdaa2d23334f3fc2831c68db6e301ecdfff2fa8b86385ae0 |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/rabbitmq@sha256:747b00126b4979e258feb82c43e8eebf549c3a6df84ab500a0a5b8494489d138 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:6369282ecef09c12830fcbc23b9dd6b3a94f932b7e8e915173154ec1c9d78de2 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:3b3831df09fb2960e8f235782169de0572cdc69c17e418d9bcb4bbdb735cff1a |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:f0828a2867e44e8b0e88c71abcb3ed60129e305db73e1d5def9c6e86c9b12d3e |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:612db8f7eae3aca7d00b7f348e018b74b8cffc49b32ba02ef2b61421a8ac075a |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:fb94007c3947b32b3aa260d6bfd48c89a9db5cea71dbebbe2f43a76a85ddf823 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:cffd266cd15e5dfd4e77d55cb07c22aebd799287f5e091a6243efae557aa51e9 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:22fe4b480e6a89836c37a9883a7a1bd1d90656e4d6faf6862bab82e09e7b53e2 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:c0d1261dfb4fc65930b7b2c7912381ec6f5cc1230bb937f04f2d092a4afe8582 |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:18422e69f90e19ab01f360b2bd988b0288fd8fad5c5c572e50ca6b0bc6f10eb7 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:1e40af69746b95e5a0028852558e453f6f79d2f833befd5bf00379e2389f0b91 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:73971d31ebfaf2a70b914ecbf9bf3f54f5685313c8ebda9ce8654adb0f2f49ca |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:4944caed59537060ec2808153d639fa86ed2f8b3f4961ae34952c9dde54516f0 |