Attestations
dhi.io/rust
1-alpine3.23, 1.96-alpine3.23, 1.96.1-alpine3.23
sha256:10206d5319f005454458c31d2d2a78de8f2d9d22cad2eb91e105b93f962c8d5d
Manifest digest:sha256:0fa822ea20daab711cb122953bd7bdd42f03ee7650a835172eaeb0a1fd7d69f8
Size
189.96 MB
Last pushed
6 days ago
Vulnerabilities
Support
Active
Docker Hardened Images include comprehensive security attestations that verify the image's build process, contents, and security posture. This image is built using SLSA Build Level 3 practices. Additionally, this image includes a source attestation that links to a corresponding source image containing all build materials. The following attestations are available and can be verified using cosign.
Docker's DHI public key is available at https://registry.scout.docker.com/keyring/dhi/latest.pub and also archived at https://github.com/docker-hardened-images/keyring.
1. List all available attestations
docker scout attest list dhi.io/rust:1-alpine3.232. Verify a specific attestation
For example, to verify the SLSA provenance attestation:
docker scout attest get dhi.io/rust:1-alpine3.23 --predicate-type https://slsa.dev/provenance/v0.2 --verifyAll attestations are signed and can be verified with cosign.
| Predicate | Predicate type | Reference |
|---|---|---|
| CycloneDX SBOM v1.6 | https://cyclonedx.org/bom/v1.6 | dhi.io/rust@sha256:aa3c9d88f3c31fe4a8aa6d4eef52694d896e230d8bc75fe62071d2d5175fe09e |
| Changelog v0.1 | https://docker.com/dhi/changelog/v0.1 | dhi.io/rust@sha256:db8a4339de61fc6af581f709a022740f5e5ef9877ba9c59cf324202737a259d8 |
| DHI Image Sources v0.1 | https://docker.com/dhi/source/v0.1 | dhi.io/rust@sha256:cb30ba2cec80c73a6f9ca098561d0ce6e6676661d8feba18e765c75b100234dd |
| CVEs v0.2 | https://in-toto.io/attestation/vulns/v0.2 | dhi.io/rust@sha256:05e0f58d74cc554e037e1e3d9ea3169a6d08ccab11626fa77c743a85c76d0e38 |
| VEX v0.2.0 | https://openvex.dev/ns/v0.2.0 | dhi.io/rust@sha256:20b727977d47b68b90ba330101320f6b9efc66f4c8d478d1734972d568d554ec |
| Scout provenance v0.1 | https://scout.docker.com/provenance/v0.1 | dhi.io/rust@sha256:43a5a939687aa6fe1bcfe1b9f461ff41da77a127c3af0a7a47e01306a743c3cc |
| Scout SBOM v0.1 | https://scout.docker.com/sbom/v0.1 | dhi.io/rust@sha256:0e43dc2ea8e6f5db9284438796e254ba30dfc26bad7274c87d2739c8a2928947 |
| Secrets scan v0.1 | https://scout.docker.com/secrets/v0.1 | dhi.io/rust@sha256:d42f675729bfcafbc199473f7e20260393d72aeadfd0779d3308afff0f826722 |
| Tests v0.1 | https://scout.docker.com/tests/v0.1 | dhi.io/rust@sha256:da5e22821bc401dee948e7d78cc9f59372797e519e4ad2ac0a37aca3a9cb4c47 |
| Virus scan v0.1 | https://scout.docker.com/virus/v0.1 | dhi.io/rust@sha256:96c24dcb6629a58e956892ddab575c2fac808c9eca5e93cb25155d837e0867b7 |
| CVEs v0.1 | https://scout.docker.com/vulnerabilities/v0.1 | dhi.io/rust@sha256:1711a1addefca6d705e221fe8b18299958a67cc4445cf5a4e450a0169e2ae12e |
| SLSA provenance v0.2 | https://slsa.dev/provenance/v0.2 | dhi.io/rust@sha256:a2009ea469983153950c2802345132793587717a5eef3cd49f6a0ea3f3aa4657 |
| SLSA provenance v1 | https://slsa.dev/provenance/v1 | dhi.io/rust@sha256:0c4a6df34d8ca3417961c01e0f1f2ddf3ca6b3fb30affa6b2c6361e4343b820c |
| SLSA verification summary v1 | https://slsa.dev/verification_summary/v1 | dhi.io/rust@sha256:222ab8a52ba0d2c4aa331dfda5ab2064f5fb4f6aec0bbcec1b5bab0352a04570 |
| SPDX SBOM | https://spdx.dev/Document | dhi.io/rust@sha256:4f1499085cd7f31c00eaf806464e9a217b5dddb1f58bbbfa7e04ecd0ae7b3f49 |