Ruby

dhi.io/ruby

Ruby 4.0.x (fips)

CIS
FIPS
STIG
linux/amd64
alpine 3.23
Tags:

4-alpine3.23-fips, 4.0-alpine3.23-fips, 4.0.6-alpine3.23-fips

Index digest:

sha256:924d07ba73d597cc8affb26af5c3d5b7f94d1336564ffe95db2971e8bcc1e973

Manifest digest:

sha256:d6fb7d351ea895785a7754865c0de895912cb21d26197d777815e3cca9ab464d

Size

11.75 MB

Last pushed

8 hours ago

Vulnerabilities

0
0
0
0
0

Support

Active until Mar 2029

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/ruby:4-alpine3.23-fips

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/ruby:4-alpine3.23-fips --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/ruby@sha256:bf69611f93665ad39fca172f2bdaf05e7aae333a4c6990818e7c374f98d2baea
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/ruby@sha256:8187c5eb9a5e5604efb38cf8dcae64ae2a2b70bb68317806890ce1bfc41e9c5a
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/ruby@sha256:62be6b0321714ac3d24a139cc414a75be0266682c0315e27f1e100eab0584cc7
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/ruby@sha256:b154d5d979c5d152a279152c7b9f16c59683b08680559b411846120ebf546d19
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/ruby@sha256:a2238783c7504bb00f53b5623f0d76a46d9cc2edd3613b4839d991915d7ec970
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/ruby@sha256:b9739e0f96e2e4aad02897dd0ac7e54216c5ecf8ab4bc9d0b2d664d983123bd9
VEX v0.2.0https://openvex.dev/ns/v0.2.0dhi.io/ruby@sha256:c2bdf1058ccb078d27492b0e5ae55e5c0c283885489648b208133aa1f47e6417
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/ruby@sha256:3a597c72da99067e84bb3c535caf88d23fd45bf481811fb7ef9082b9f9176168
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/ruby@sha256:f3b9f2002f84acdc6d33028483f8c7817b8c0aae584fa263b2344ec7fca569be
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/ruby@sha256:5ab9fac2f28831b967ef204a9ebf2f138f0a92ecfc3498c0580642cf1a21ca62
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/ruby@sha256:857d9a52c8c64208b598b269b6471c6466819ae691fce3b783b5a466f5b3d94c
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/ruby@sha256:05e48b94b6be6078de1f213655bc9324525236b57c07bd53adda58e163f616ab
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/ruby@sha256:775f865b7d30044f4c38392d9d75bab540505e3233f21db0818bff3bbb133e7f
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/ruby@sha256:432b97a9f7a5ab4f4a4a64901cfee97eeb87b4619c2bd72ac4722d8e0a58ee45
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/ruby@sha256:add82716997d61ec2a31c65aa2ae35cd92dbf9fac586bf3b056cea00fdcadfe0
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/ruby@sha256:d0180c957ac91addc4594cb9e4a25ed88141d181cc867a5fef0829bee7bcb850
SPDX SBOMhttps://spdx.dev/Documentdhi.io/ruby@sha256:0e04b5b738b095e672427eedab7e2f08e8602e73503fee24e6fddfa9e7f49046