Attestations
dhi.io/ruby
4-debian-fips-dev, 4-debian13-fips-dev, 4-fips-dev, 4.0-debian-fips-dev, 4.0-debian13-fips-dev, 4.0-fips-dev, 4.0.6-debian-fips-dev, 4.0.6-debian13-fips-dev, 4.0.6-fips-dev
sha256:84fd0662b52d47e43790a5f629969373fe3769d6024840cbe25d9d759ce4b659
Manifest digest:sha256:256647077d4a0ed3c669e3dc66927f066f9b4c58e3d6762689947c36220f019b
Size
160.09 MB
Last pushed
1 hour ago
Vulnerabilities
Support
Active
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/ruby:4-debian-fips-dev2. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/ruby:4-debian-fips-dev --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/ruby@sha256:cd60fa47bdd37851f64554057bf04ff8e515f613c64fa183f4e8b81a8f69a78d |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/ruby@sha256:10c1a40a2dfdbd80aa4c78083b11be7e1490f21e920d21b56942179bebb002fe |
| FIPS compliance v0.1 | https://docker.com/dhi/fips/v0.1 | dhi.io/ruby@sha256:f62a65cb51bce8152348f2a5f061cb1416e687a36e6980a88fafb67fc637b4fa |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/ruby@sha256:a871ef8985a1d51f958939d2a8683f287d98e49113694248c5b04e0874b86c6f |
| STIG scan v0.1 | https://docker.com/dhi/stig/v0.1 | dhi.io/ruby@sha256:d075313c70b769dbabdf1502a94b3f94f46f0bfde78066aca3707d3a75c7a80e |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/ruby@sha256:5e7b8fb6b3937853087ac7a98b24dfc04b03c1934bf3aa5b1405d3eb461c555e |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/ruby@sha256:5bbbaec540cf8aae460f057e2aca5dc23a567548cbe737cce51889cba4a9a64c |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/ruby@sha256:c0f36bb4cc19f6ab843684be3030aa79356c05d3ac423b752748cfffcb8d3e4f |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/ruby@sha256:1d61aab19607a632787b1ebfec5bac44244b31ef1591073799a1763fa8ec23d2 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/ruby@sha256:1e60ff3909f367fe207be777188d5d8a4f45c8ee3b2900461d1c80452a95396a |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/ruby@sha256:c56a0453e268b7d2bf9b618ea621099070c3c9110da1e2bb718d3a667c8d446e |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/ruby@sha256:cf3b4d29c0061df7adc0a83238abab4ffe5948cdb546d3f02c5bf5577ad5164a |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/ruby@sha256:309f1dbc0a97cb0c7fee9d7aae202a2f223a51e22bd1473828f24a48ebca1986 |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/ruby@sha256:293f6f140ef64c7ac51a324676892aa65f810a68c3afd2263bae0ec724ecd7c4 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/ruby@sha256:91b424bda7263ed0d58206e6ed67dc23ceae73a4264402b2188747a48226b155 |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/ruby@sha256:194db9790d9a4d03208e3f7500d720b09864e59d182e3c2e58dd7d4f986740c1 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/ruby@sha256:66b0147b1f210f45cb563a72cc9f1bcd6c1e3fa1786970faa7f832f68bad365a |