Dependencies
| Images | 6 container images |
| Stock (DHI) | 4 images from Docker Hardened Images |
| Custom | 2 images built by wellmaintained |
Images
| Image | Source | Type | Attestations |
|---|---|---|---|
| postgres | dhi.io/postgres:17@sha256:99cb610d5fad... | stock | Docker Hardened Images |
| redis | dhi.io/redis:8@sha256:ed5e2e3edeed... | stock | Docker Hardened Images |
| keycloak | dhi.io/keycloak:26@sha256:f1aa59bc953b... | stock | Docker Hardened Images |
| caddy | dhi.io/caddy:2@sha256:bebd9b1b94a0... | stock | Docker Hardened Images |
| minio | ghcr.io/wellmaintained/packages-dhi/minio | custom | wellmaintained |
| sbomify-app | ghcr.io/wellmaintained/packages-dhi/sbomify-app | custom | wellmaintained |
SBOMs
CycloneDX SBOMs for all container images in this release. Each SBOM is extracted from OCI attestations attached to the container image and included here as a browsable component tree with a downloadable JSON file.
| Image | Type | Format | ||
|---|---|---|---|---|
| postgres | stock | CycloneDX | View | Download |
| redis | stock | CycloneDX | View | Download |
| keycloak | stock | CycloneDX | View | Download |
| caddy | stock | CycloneDX | View | Download |
| minio | custom | CycloneDX | View | Download |
| sbomify-app | custom | CycloneDX | View | Download |
How SBOMs Are Generated
Stock DHI images (postgres, redis, keycloak, caddy) carry SBOMs generated by Docker Hardened Images as part of their 15-attestation suite. These are extracted from the DHI registry at build time.
Custom images (minio, sbomify-app) are built using DHI YAML
definitions with dhi.io/scout-sbom-indexer generating CycloneDX SBOMs, plus
SPDX SBOMs via Syft.
Previous releases
Historical releases and compliance bundles are available at GitHub Releases.
Last updated on • David Laing