Ruby

dhi.io/ruby

Ruby 3.4.x (dev)

CIS
linux/amd64
alpine 3.23
Tags:

3.4-alpine3.23-dev, 3.4.9-alpine3.23-dev

Index digest:

sha256:c8d7f6d0fe28706eac8c679be7a2defa7803e5bae253afd58c75ca3590e224e4

Manifest digest:

sha256:f7094c4131b8ac55f62b4b9d2d0b4ad7faecd435bff4f0ccd7982a4d5ea0f1ba

Size

92.98 MB

Last pushed

13 hours ago

Vulnerabilities

0
0
2
1
1

Support

Active until Mar 2028

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/ruby:3.4-alpine3.23-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/ruby:3.4-alpine3.23-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/ruby@sha256:748b86e9eed887b06975625c1c98719a63c0e65e775e8ebd5bde67eb38ee4bf8
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/ruby@sha256:eb3f36be5b1e81b8b485d893adcd6f7f5d6e656a22ca952526cb570f652c690d
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/ruby@sha256:9cc475ecbd9bf129a2c5fc7497a1977be3559e447a323c202bbfc4a4197369c0
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/ruby@sha256:515d8f966d01b110cb12395f9cd03817793b0aa3779594a2055ba7b755ffadd2
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/ruby@sha256:fbe0ee1754a9b044a7e990ebcecca321d2cc02cd22ed4e31071dc1ce27c85d6b
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/ruby@sha256:9bc06ede17f0e8172f4793136adabb01e9d2f7538e4a93009bb68d42e9bdf92b
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/ruby@sha256:c8df8567770f8216c1e8eb7f50e2e06a9a393535ca549740fee5293dd6f3b659
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/ruby@sha256:f5b25a7507e7c9d146ad7684262142e5fc1061ad141a9297f0776ff25c43a625
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/ruby@sha256:61b1e86b8b2b0a72121dde3f53821d0404af812ca51d0a10f439467f1e87a546
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/ruby@sha256:45228291c859cf69019dd5aff39a2e9ea7befc01ec2e239f4ba17d0502fdd0ce
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/ruby@sha256:79d78437ccd96b0e92d80160ea1586b2b9f446507fc302f72af5bbc45c9fe6c5
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/ruby@sha256:afd24f1d34b941f7e919dd805867fb284093f11ec571e95b2b6dae9f283e5b9c
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/ruby@sha256:c3d78f4fe8c7bdae9b831a9e451267968b794eca2fe75f9889b0db291312d0a3
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/ruby@sha256:edc16cbc9b62837198b6573ea9981a9198b5b3984533bc052c956c4308827097
SPDX SBOMhttps://spdx.dev/Documentdhi.io/ruby@sha256:3f92e4dac18f62c00f326f7abe3e7d69798455b8783fc20a5b12807fd2fae0ea