Ruby

dhi.io/ruby

Ruby 3.4.x (fips, dev)

CIS
FIPS
STIG
linux/amd64
alpine 3.23
Tags:

3.4-alpine3.23-fips-dev, 3.4.9-alpine3.23-fips-dev

Index digest:

sha256:2e9b694852afa930cc317d3d221cca57e86bca7d281463f91b1c1ab136d681f6

Manifest digest:

sha256:faea0850441b0059ad379b8a5a23c16031ae6c78212cc779739dc6b78fbe9c9e

Size

93.82 MB

Last pushed

15 hours ago

Vulnerabilities

0
0
2
1
1

Support

Active until Mar 2028

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/ruby:3.4-alpine3.23-fips-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/ruby:3.4-alpine3.23-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/ruby@sha256:68a8651caca88f24b46e9d48e009a2c1460809c74bc20b6e7856bd77466909a5
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/ruby@sha256:068902ec27c210471222229ad42c8ecc1cbe188280bd67295926f0e586e0c3bc
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/ruby@sha256:7e5b030ca72d00fac48aded5390fa4eec70363a8747d65534567a3c7f2526285
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/ruby@sha256:0a0b7eb547cf988801ecf5227e3116403dfd6b1c943ef1bf2855f8b410c1d8ba
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/ruby@sha256:485d3fa241e130c5811d0b5be2e4e0ee558dba91cc9be2229b069188df1b838c
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/ruby@sha256:d590290f65cbc9b9f294683e3bd800fc8ac5c0f33a8fa66344b0652f007100a7
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/ruby@sha256:093f3a1078c8c9f2f784a45c59157e65e73b729a19c419b557bb201d6c47b406
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/ruby@sha256:96eb119757d84da2c57b7d9c0319ae59f83f17236810c7ea7947be146cd49f41
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/ruby@sha256:85d677c3f2f3f812a31bc0fc6ee9727f31283f7d3520c11135138df26485c895
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/ruby@sha256:b16c10dcebe0524ee0dbd6fa82b8006264681d18722bb83e90257bacda90b960
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/ruby@sha256:8dc80846edddee8593dec59ad9b9a9cc4c486963b1e9a66f87a7c1d4ea1cd453
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/ruby@sha256:a238a261027b93cee0cdf25fea95f599762b7e74c918229e8e24e73594417c62
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/ruby@sha256:b4f002b4150e437380ae9f19e16c50554c2a69576602f2a27ddf8a462730a3fd
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/ruby@sha256:7b14392f36c3937d55707df2d85ebe8389c5668808c983907b2c24edd023b1a0
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/ruby@sha256:2be3c94ee132de29f04bc741bdb143e7b47e35ffb916c9a30a6604027956129f
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/ruby@sha256:a3e0545c5d1a8ceaa0c640bef83b7421edbf4fc1a71032da1bae6bb7ab856552
SPDX SBOMhttps://spdx.dev/Documentdhi.io/ruby@sha256:d1e1edf305ec9ffd61f0b3c55fab981896bfe6f0c3d78d11ad7f0fc7bdfdf8bf