Attestations
dhi.io/rabbitmq
4, 4-debian, 4-debian13, 4.3, 4.3-debian, 4.3-debian13, 4.3.2, 4.3.2-debian, 4.3.2-debian13
sha256:2450689eacbdbeb4de7fe45d6caee72681868840712d1af819240036ed3166ff
Manifest digest:sha256:cf76439543c5200517b11a016a568940688f1d6610810ead0f6d2a78ab04995a
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rabbitmq:42. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rabbitmq:4 --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rabbitmq@sha256:fe48d563e98cf3f767bac125538e11653da74bcd050440e525cd6422ed530cad |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rabbitmq@sha256:0de0dbe2a9a244a5a2206e1a5ac0d20006f213c907253bfce9f6d5423210dd8d |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rabbitmq@sha256:e250a8be788e9732fc4ab43a152a2af6421e3e5882346a43276ea727000d3500 |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rabbitmq@sha256:48f5b46304ab21c4ace05eae9a18a25942e96799f8fb1dd9ac49ae02ea1dd0f9 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rabbitmq@sha256:87f89a3b3f0d25bfc6182190655346fcb2ca4bd9a0dfc53996a72f380905183e |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rabbitmq@sha256:e3f29cb94c3fb98b13818877675c2f2013c0bae02fe6678eac0b9ad9cdb54c85 |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rabbitmq@sha256:d71e6d29c50d8b43619f9701cde01aba23a3e4086f431baae4d67c1939d2fe85 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rabbitmq@sha256:19f91aede9c5f3f6281b934caf24bf823780bc1758268cb9ee2d0408727f1466 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rabbitmq@sha256:f1212810223ec3d63ba34b6f5a903823faa1c27805bc77145af609620f4258fb |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rabbitmq@sha256:aa0e811d6720cc2cece25e6d5a894ed28bb3532aad2936a4f5a03b8c115c7759 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rabbitmq@sha256:86e91c8b5d0714a88dc9ab361ea8072dbd980248c91450d971bc16d1bf55e8bd |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rabbitmq@sha256:ec31223be06f2e718557d74bc797555f6f39a1c961d650e93a47192b6a15b8c5 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rabbitmq@sha256:781085775a1a6104358a0e87fb50c4f7613b37326c4036805c286f32d534d36a |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rabbitmq@sha256:151feff7b42ff50d9bc84ad87f621217f932a37120ea33bb950bd1c035c66e32 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rabbitmq@sha256:33f1da56bbb401b2338564e3e9a0f606fd29b8f153ce03a41eac6234b018fa58 |