Ruby

dhi.io/ruby

Ruby 3.4.x (dev)

CIS
linux/amd64
alpine 3.24
Tags:

3.4-alpine-dev, 3.4-alpine3.24-dev, 3.4.9-alpine-dev, 3.4.9-alpine3.24-dev

Index digest:

sha256:c02b01b1225a3aaf69f45616f73fd3bd0e4f8c6cadb0d371c20e60c0f54a9294

Manifest digest:

sha256:23e88b34aa739d1ce849d53e9ec0d0d6d622bee27bec804121ee6089c3875e24

Size

93.06 MB

Last pushed

17 hours ago

Vulnerabilities

0
0
2
1
1

Support

Active until Mar 2028

Overview

Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.

Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.

How to verify attestations

1. List all available attestations

docker scout attest list dhi.io/ruby:3.4-alpine-dev

2. Verify a specific attestation

For example, to verify the SLSA provenance attestation:

docker scout attest get dhi.io/ruby:3.4-alpine-dev --predicate-type https://slsa.dev/provenance/v0.2 --verify

Attestations

All attestations are signed and can be verified with cosign.

PredicatePredicate typeReference
CycloneDX SBOM v1.6https://cyclonedx.org/bom/v1.6dhi.io/ruby@sha256:a725c76d44902e47cfecfdd664cabd491a8f2654882b5f734859ab15271497ba
Changelog v0.1https://docker.com/dhi/changelog/v0.1dhi.io/ruby@sha256:2f983b042f370e142584227e627d112fb156650466b630ab608ec477e138dc2f
DHI Image Sources v0.1https://docker.com/dhi/source/v0.1dhi.io/ruby@sha256:cb8870fc3c2fbf39282ae88846ed2d42c157e6e6f3fab55ce53e23416d0112e5
CVEs v0.2https://in-toto.io/attestation/vulns/v0.2dhi.io/ruby@sha256:f58e30254bee258167d49e5421276ccafe7b4dbc8f43bd2d52ecd05dbd1559e4
Scout provenance v0.1https://scout.docker.com/provenance/v0.1dhi.io/ruby@sha256:bac109428398f504c993cc003bee3adff21b07736a872445d0a7a2ba35264471
Scout SBOM v0.1https://scout.docker.com/sbom/v0.1dhi.io/ruby@sha256:29609be8cabef8fc6f9beaa2b23e94bdc3ee01c4cfb6a71ad50e6c59bb439b9e
Secrets scan v0.1https://scout.docker.com/secrets/v0.1dhi.io/ruby@sha256:d92b4bd43211c6b43144d682659619ef547ed769a82904a204fa5bd8accb0542
Tests v0.1https://scout.docker.com/tests/v0.1dhi.io/ruby@sha256:1caaa5422b4f47aa460b6e95ccca6e529e34c35bb08a831b4b7778aa40ede271
Virus scan v0.1https://scout.docker.com/virus/v0.1dhi.io/ruby@sha256:4a030dad3327142559c4466d410a92ded7a357899685548196b73780e657d289
CVEs v0.1https://scout.docker.com/vulnerabilities/v0.1dhi.io/ruby@sha256:e4d444550e7aabedd1db898e97315dbe1c744208f98d46181c0cab67bbdc4f68
SLSA provenance v0.2https://slsa.dev/provenance/v0.2dhi.io/ruby@sha256:24ed57b1817038ff405f5fd0fcbf0cc9e2e45d89b582cca7a0e12423bf8a0d43
SLSA provenance v1https://slsa.dev/provenance/v1dhi.io/ruby@sha256:b29bd0b4351df5b7fd70859c5eb3144a0ab21a9f389b87b04275a5e2d6d32649
SLSA verification summary v1https://slsa.dev/verification_summary/v1dhi.io/ruby@sha256:9b05dcd10895efb476efb346b7478bdba7c34824db34c03b1a869f04dc030560
SPDX SBOMhttps://spdx.dev/Documentdhi.io/ruby@sha256:e40c47a9a12ad19013841dae2c3f979ad433e80007946dd2ebe35c49a73c0a82