Ruby

dhi.io/ruby

Ruby 3.3.x (fips, dev)

CIS
FIPS
STIG
linux/amd64
alpine 3.24
Tags:

3.3-alpine-fips-dev, 3.3-alpine3.24-fips-dev, 3.3.11-alpine-fips-dev, 3.3.11-alpine3.24-fips-dev

Index digest:

sha256:cb2b8464b9cb08c530cab6a8591268f84b0cc03f1c06cc77f9c8cb4c7733779a

Manifest digest:

sha256:3a8c262a5608d8c6647b5cbb5de1eb5e34e9b70fd28909032d2cd042e6714c71

Size

94.29 MB

Last pushed

17 hours ago

Vulnerabilities

0
0
2
1
1

Support

Active until Mar 2027

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/ruby:3.3-alpine-fips-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/ruby:3.3-alpine-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/ruby@sha256:c04bba9d814cf0b6f9b274e50fd166327fda56b3304fe92d15d939cbd6983b46
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/ruby@sha256:41db141ae8989c55ecd0a28f991acfe9dd32e1d3f49a6906c5d44db80fe06d37
FIPS compliance v0.1https://docker.com/dhi/fips/v0.1dhi.io/ruby@sha256:a870b4cfc1a0a6c4a8ac4189b21022ef7231750aa1e16706ad6fde3b5b253aac
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/ruby@sha256:674716d9043c97a3886623fb2867f7fac71ddd5a0753f2620803c0c8b2bba8ad
STIG scan v0.1https://docker.com/dhi/stig/v0.1dhi.io/ruby@sha256:9592497cc8c64c68baface61583741cb7646b254881cb7ce888d1488d5d37316
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/ruby@sha256:3512f374c72d2db08d96732c75cdc34694675729f1f89c204f32f816d5acf48b
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/ruby@sha256:793c22c230f38567a7ac4865132792d3bc8e3f9bedbdc8ab1b5f42162a9288db
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/ruby@sha256:03b9c33d695daddcbcc3ec33f6edade9c701bde04275dee8c47a65c7e46add41
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/ruby@sha256:6b15488a2e0526181343eaadae9dea993fa82aa37364cc27113454dc4a46a13c
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/ruby@sha256:f59d2cbd6cde2fa02309c9e1d0e45e989bf44e2a4aca947a69ba3f71766aa236
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/ruby@sha256:9b2205ce12a25a57cd3ad8f97b10e227c63f8c43559ff0cf1d49a99a405e29bd
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/ruby@sha256:fe45906474dd296e6c91ade86f8788f8199ccc403f1e69e25a7c660b47bb53a8
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/ruby@sha256:3fa67fd0b83c600274fcd12e8192ecc21859ca23ff0d214fbbc8ffcb28cb30ac
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/ruby@sha256:d3d0327a8473d9bfd54a4bbfd334e0dddf3ab86b1df6965e475ef911fdab7e57
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/ruby@sha256:031c89f3afe8e885c32ec42cbfe26053b8e3f39dd1c9e37c1709dabf5f6bf5ba
SPDX SBOMhttps://spdx.dev/Documentdhi.io/ruby@sha256:a14644a64520d1a02ca29fab02d55b56da2ab3ebec84c611c4a62de024543bde