Ruby

dhi.io/ruby

Ruby 3.3.x (fips, dev)

CIS
FIPS
STIG
linux/amd64
alpine 3.23
Tags:

3.3-alpine3.23-fips-dev, 3.3.11-alpine3.23-fips-dev

Index digest:

sha256:4868f31fb726cffa15a63196112d6aa44c32ce408a7413a18dde904a8777545a

Manifest digest:

sha256:1a1b0decd5e13b498ee09a0cc309a0b01b2296e1f91a889c926abcb61d3012e6

Size

94.23 MB

Last pushed

16 hours ago

Vulnerabilities

0
0
2
1
1

Support

Active until Mar 2027

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/ruby:3.3-alpine3.23-fips-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/ruby:3.3-alpine3.23-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/ruby@sha256:c8ac8f99eba77403b8071e911bcf9242a9c5100a9aa39ec67d976e343f1bdcc8
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/ruby@sha256:9cf5ef373be028b265e4478b88d5a52c0bd456d30cfe31eebbc04fcf5a5401bf
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/ruby@sha256:0ed85ecc33c1c42549a4faa3691f8f43c289a4b0be8575742de06b5bae80f085
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/ruby@sha256:a0d2b60ac7ddfed4de85413949bf04d126ffaed7df65ede2a8fba05ff95ddf7f
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/ruby@sha256:dcd63411ddcaf652856babc0b24093b536f86afd18a86538cea1b1dab52c722d
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/ruby@sha256:e6d8e669d1e51bd9dd89109b8b3119dca833a4088ae73c473b49bd55ed389d32
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/ruby@sha256:c0d398b91ad10b29cc835c8f34a54a705fba6697007cf2399f0ccffb3e2fc46e
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/ruby@sha256:d3b9b812bf8da8db6857a68a86f804b4848c3225e3ad2ba325a1233d826e3b7a
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/ruby@sha256:5bbc100809e81c66c73033fdedcc07a73a3e1f30f681c73233d9620c318ccd65
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/ruby@sha256:ccccdb573ae30dc79779b0f146dd8f6223e31a23c8ababcc2a017c31973be693
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/ruby@sha256:04ba30321aab2d39026c002ae9fe94dd08664d7b868f58b05b56bea0bfbc883c
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/ruby@sha256:21068de83341aa17d869e7ff3c685276bde82f3ad925367e35b9be4347615ca7
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/ruby@sha256:ee06e11413d4e2ea66406dd373373c31d12f280c85a897b1f5a158601550268a
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/ruby@sha256:d4ce3feb97a77bdc8b4c7c9d3843733bc1bc91483b525c58ea9a1d6025b694bd
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/ruby@sha256:b12af9bf501141bc99cf8eca3535a9e22f34d645cacb3d3c212e7fa7cff155cc
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/ruby@sha256:e2e1c9391dc57e21debd12eb2db9917b110b6c5215dab39c28f204fb73b1448c
SPDX SBOMhttps://spdx.dev/Documentdhi.io/ruby@sha256:6f247885a28f81c976d50a504dc37371bd99680f8eeb7438b3a4883a6e5c4bd2