dhi.io/rabbitmq
4-debian-fips, 4-debian13-fips, 4-fips, 4.3-debian-fips, 4.3-debian13-fips, 4.3-fips, 4.3.2-debian-fips, 4.3.2-debian13-fips, 4.3.2-fips
sha256:c6088d98d2e19a112201a81195212508cf12c0c9ec77f7a6fa397c20aab32b90
Manifest digest:sha256:c6ef98186e8c646aed91d7e799beacff993f0bd7a7cfc0d6ce4131bb315bcbdb
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:4-debian-fips2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4-debian-fips --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:cebb1b330e5862f50a4c61828b58f648ff75dc82946b2653280f3bde8316c998 |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:d423c3d01066a84cdeea1bd3583d2174b576189c89e1e8de932cb0c5f3460bae |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/rabbitmq@sha256:8707d30036f7e310960244e8041aa95878ddd7eb3469ed5eb6de0e11a0f04220 |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:6d2766a496a4b7e894f414cd52e04d22616d2583068ec6abba0e8dd4dff77fbd |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/rabbitmq@sha256:aed6a10548e7e707a0c14f223b84db7ec39c73bd9414dae5a309b653912f6658 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:accbdcf7a4e59ab5896c9d41aa182a1343b730a62d5ba64bbe125b3b875393f4 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:92ab6e95d91f85333037754a1f5f696a7bbb6527e7122494a411a5c87994785a |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:ea4f5c4f3307e6d2a1cddd2739c4c2e4d2d65c88e854fd6e51c79cb7b7876569 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:d7baf8e95240a93ac3cc2e97d1705ef9e7280ae12d27e59b6ff7e48bd6c39132 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:0e06958a91191f3d45f88bf680e2808a84ab5609e7a676da53f8806674073780 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:2abd3a0610587e61eb95268e21c062e35bb127b6ef557f2eda1266bb0df83ea0 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:4c4847dbc726f3df36091ed84fd068158bba2e9199dc31851a7295fc883f05cc |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:1ebbb6192cb35c48710f0afca07876910a816ec02275b6ab3855c6313117dfab |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:eedf9c0d4d26a616369cfb79aeb8647e058d1a5a165a8e6181418e5033010b50 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:a0cd6d8421b4a6683efac5df255eae1dfd41981c8a5efbf351648f68eeea7f7b |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:bc9dec98366c03043d6e7c683c150d4c5939ece85e62b0a811dff8b4f1c9822c |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:db0625915e7e1409d3c267ed3821864d98f7893de766d40c96872f670b67fe9b |