{ "_type": "https://in-toto.io/Statement/v0.1", "predicateType": "https://cosign.sigstore.dev/attestation/vuln/v1", "subject": [ { "name": "", "digest": { "sha256": "" } } ], "predicate": { "invocation": { "parameters": null, "uri": "", "event_id": "", "builder.id": "" }, "scanner": { "uri": "pkg:github.com/neuvector/scanner@0212004", "version": "0212004", "db": { "uri": "pkg:github.com/neuvector/vul-dbgen@4.114", "version": "4.114" }, "result": { "error_message": "", "report": { "image_id": "f298d1c5a726d5f428464b66900fb0c6a96889b9f2315ce84576edb8f0350732", "registry": "", "repository": "bci/bci-base-fips", "tag": "15.7-157.1", "digest": "", "size": 129465107, "author": "", "base_os": "sles:15.7", "created_at": "0001-01-01T00:00:00Z", "cvedb_version": "4.114", "cvedb_create_time": "2026-03-25T01:40:56Z", "layers": [], "vulnerabilities": [], "modules": [ { "name": "libsemanage-conf", "version": "3.5-150600.1.48", "source": "sles:15.7" }, { "name": "boost-license1_66_0", "version": "1.66.0-150200.12.7.1", "source": "sles:15.7" }, { "name": "libuuid1", "version": "2.40.4-150700.4.3.1", "source": "sles:15.7" }, { "name": "libgcc_s1", "version": "15.2.0+git10201-150000.1.9.1", "source": "sles:15.7" }, { "name": "liblzma5", "version": "5.4.1-150600.3.3.1", "source": "sles:15.7" }, { "name": "kubic-locale-archive", "version": "2.38-150600.18.3", "source": "sles:15.7" }, { "name": "system-user-nobody", "version": "20170617-150400.24.2.1", "source": "sles:15.7" }, { "name": "terminfo-base", "version": "6.1-150000.5.30.1", "source": "sles:15.7" }, { "name": "libreadline7", "version": "7.0-150400.27.6.1", "source": "sles:15.7" }, { "name": "libmount1", "version": "2.40.4-150700.4.3.1", "source": "sles:15.7" }, { "name": "libgpgme11", "version": "1.23.0-150600.3.5.1", "source": "sles:15.7" }, { "name": "shadow", "version": "4.8.1-150600.17.9.1", "source": "sles:15.7" }, { "name": "tar", "version": "1.34-150000.3.37.1", "source": "sles:15.7" }, { "name": "libsqlite3-0", "version": "3.51.3-150000.3.39.1", "source": "sles:15.7" }, { "name": "libgpg-error0", "version": "1.50-150700.1.8", "source": "sles:15.7" }, { "name": "login_defs", "version": "4.8.1-150600.17.9.1", "source": "sles:15.7" }, { "name": "pam", "version": "1.3.0-150000.6.86.1", "source": "sles:15.7" }, { "name": "libfa1", "version": "1.14.1-150600.3.3.1", "source": "sles:15.7" }, { "name": "libcom_err2", "version": "1.47.0-150600.4.6.2", "source": "sles:15.7" }, { "name": "libzypp", "version": "17.37.18-150700.6.3.1", "source": "sles:15.7" }, { "name": "libz1", "version": "1.2.13-150500.4.6.1", "source": "sles:15.7" }, { "name": "libsigc-2_0-0", "version": "2.12.1-150600.1.2", "source": "sles:15.7" }, { "name": "cracklib", "version": "2.9.11-150600.1.90", "source": "sles:15.7" }, { "name": "info", "version": "6.5-4.17", "source": "sles:15.7" }, { "name": "libglib-2_0-0", "version": "2.78.6-150600.4.35.1", "source": "sles:15.7" }, { "name": "system-group-hardware", "version": "20170617-150400.24.2.1", "source": "sles:15.7" }, { "name": "system-user-root", "version": "20190513-3.3.1", "source": "sles:15.7" }, { "name": "libsmartcols1", "version": "2.40.4-150700.4.3.1", "source": "sles:15.7" }, { "name": "libcap-ng0", "version": "0.7.9-4.37", "source": "sles:15.7" }, { "name": "openssl", "version": "3.2.3-150700.1.1", "source": "sles:15.7" }, { "name": "sle-module-server-applications-release", "version": "15.7-150700.28.1", "source": "sles:15.7" }, { "name": "p11-kit-tools", "version": "0.23.22-150500.8.3.1", "source": "sles:15.7" }, { "name": "libboost_system1_66_0", "version": "1.66.0-150200.12.7.1", "source": "sles:15.7" }, { "name": "libdw1", "version": "0.185-150400.5.8.3", "source": "sles:15.7" }, { "name": "libaugeas0", "version": "1.14.1-150600.3.3.1", "source": "sles:15.7" }, { "name": "krb5", "version": "1.20.1-150600.11.14.1", "source": "sles:15.7" }, { "name": "permissions", "version": "20240826-150700.14.4", "source": "sles:15.7" }, { "name": "branding-SLE", "version": "15-150700.48.2", "source": "sles:15.7" }, { "name": "patterns-base-minimal_base", "version": "20200124-150700.36.1", "source": "sles:15.7" }, { "name": "bash-sh", "version": "4.4-150400.27.6.1", "source": "sles:15.7" }, { "name": "libverto1", "version": "0.2.6-3.20", "source": "sles:15.7" }, { "name": "libpcre2-8-0", "version": "10.42-150600.1.26", "source": "sles:15.7" }, { "name": "diffutils", "version": "3.6-4.3.1", "source": "sles:15.7" }, { "name": "libcurl4", "version": "8.14.1-150700.7.14.1", "source": "sles:15.7" }, { "name": "libusb-1_0-0", "version": "1.0.24-150400.3.3.1", "source": "sles:15.7" }, { "name": "libfdisk1", "version": "2.40.4-150700.4.3.1", "source": "sles:15.7" }, { "name": "libtirpc3", "version": "1.3.4-150300.3.23.1", "source": "sles:15.7" }, { "name": "libp11-kit0", "version": "0.23.22-150500.8.3.1", "source": "sles:15.7" }, { "name": "libtirpc-netconfig", "version": "1.3.4-150300.3.23.1", "source": "sles:15.7" }, { "name": "libsasl2-3", "version": "2.1.28-150600.7.14.1", "source": "sles:15.7" }, { "name": "libunistring2", "version": "0.9.10-1.1", "source": "sles:15.7" }, { "name": "libkeyutils1", "version": "1.6.3-5.6.1", "source": "sles:15.7" }, { "name": "libcrack2", "version": "2.9.11-150600.1.90", "source": "sles:15.7" }, { "name": "libidn2-0", "version": "2.2.0-3.6.1", "source": "sles:15.7" }, { "name": "libldap-2_4-2", "version": "2.4.46-150600.25.3.1", "source": "sles:15.7" }, { "name": "zypper", "version": "1.14.94-150700.13.3.1", "source": "sles:15.7" }, { "name": "p11-kit", "version": "0.23.22-150500.8.3.1", "source": "sles:15.7" }, { "name": "libstdc++6", "version": "15.2.0+git10201-150000.1.9.1", "source": "sles:15.7" }, { "name": "libselinux1", "version": "3.5-150600.3.3.1", "source": "sles:15.7" }, { "name": "suse-build-key", "version": "12.0-150000.8.61.2", "source": "sles:15.7" }, { "name": "libcrypt1", "version": "4.4.15-150300.4.7.1", "source": "sles:15.7" }, { "name": "fillup", "version": "1.42-2.18", "source": "sles:15.7" }, { "name": "skelcd-EULA-bci", "version": "20250430-150700.1.1", "source": "sles:15.7" }, { "name": "container-suseconnect", "version": "2.5.6-150000.4.82.1", "source": "sles:15.7" }, { "name": "libtasn1-6", "version": "4.13-150000.4.14.1", "source": "sles:15.7" }, { "name": "libbrotlidec1", "version": "1.0.7-150200.3.5.1", "source": "sles:15.7" }, { "name": "libncurses6", "version": "6.1-150000.5.30.1", "source": "sles:15.7" }, { "name": "libzstd1", "version": "1.5.7-150700.1.2", "source": "sles:15.7" }, { "name": "liblua5_3-5", "version": "5.3.6-3.6.1", "source": "sles:15.7" }, { "name": "gpg2", "version": "2.4.4-150600.3.15.1", "source": "sles:15.7" }, { "name": "libsolv-tools-base", "version": "0.7.35-150700.11.5.2", "source": "sles:15.7" }, { "name": "libtasn1", "version": "4.13-150000.4.14.1", "source": "sles:15.7" }, { "name": "crypto-policies", "version": "20230920.570ea89-150600.3.16.1", "source": "sles:15.7" }, { "name": "libbz2-1", "version": "1.0.8-150400.1.122", "source": "sles:15.7" }, { "name": "libyaml-cpp0_6", "version": "0.6.3-150400.4.3.1", "source": "sles:15.7" }, { "name": "cpio", "version": "2.13-150400.3.6.1", "source": "sles:15.7" }, { "name": "libxml2-2", "version": "2.12.10-150700.4.11.1", "source": "sles:15.7" }, { "name": "libblkid1", "version": "2.40.4-150700.4.3.1", "source": "sles:15.7" }, { "name": "libzck1", "version": "1.5.1-150700.1.2", "source": "sles:15.7" }, { "name": "sle-module-basesystem-release", "version": "15.7-150700.28.1", "source": "sles:15.7" }, { "name": "libcap2", "version": "2.63-150400.3.3.1", "source": "sles:15.7" }, { "name": "libssh-config", "version": "0.9.8-150600.11.9.1", "source": "sles:15.7" }, { "name": "libnpth0", "version": "1.5-2.11", "source": "sles:15.7" }, { "name": "libacl1", "version": "2.2.52-4.3.1", "source": "sles:15.7" }, { "name": "libudev1", "version": "254.27-150600.4.62.1", "source": "sles:15.7" }, { "name": "sles-release", "version": "15.7-150700.28.1", "source": "sles:15.7" }, { "name": "aaa_base", "version": "84.87+git20180409.04c9dae-150300.10.28.2", "source": "sles:15.7" }, { "name": "ca-certificates-mozilla", "version": "2.84-150200.44.1", "source": "sles:15.7" }, { "name": "libldap-data", "version": "2.4.46-150600.25.3.1", "source": "sles:15.7" }, { "name": "libelf1", "version": "0.185-150400.5.8.3", "source": "sles:15.7" }, { "name": "libpopt0", "version": "1.16-3.22", "source": "sles:15.7" }, { "name": "coreutils", "version": "8.32-150400.9.9.1", "source": "sles:15.7" }, { "name": "util-linux", "version": "2.40.4-150700.4.3.1", "source": "sles:15.7" }, { "name": "file-magic", "version": "5.32-7.14.1", "source": "sles:15.7" }, { "name": "filesystem", "version": "15.0-11.8.1", "source": "sles:15.7" }, { "name": "bash", "version": "4.4-150400.27.6.1", "source": "sles:15.7" }, { "name": "libzio1", "version": "1.06-2.20", "source": "sles:15.7" }, { "name": "sed", "version": "4.9-150600.1.4", "source": "sles:15.7" }, { "name": "patterns-base-fips", "version": "20200124-150700.36.1", "source": "sles:15.7" }, { "name": "libmagic1", "version": "5.32-7.14.1", "source": "sles:15.7" }, { "name": "libopenssl-3-fips-provider", "version": "3.2.3-150700.5.24.1", "source": "sles:15.7" }, { "name": "libsemanage2", "version": "3.5-150600.1.48", "source": "sles:15.7" }, { "name": "sle-module-python3-release", "version": "15.7-150700.28.1", "source": "sles:15.7" }, { "name": "libgmp10", "version": "6.1.2-4.9.1", "source": "sles:15.7" }, { "name": "pinentry", "version": "1.1.0-4.3.1", "source": "sles:15.7" }, { "name": "netcfg", "version": "11.6-150000.3.6.1", "source": "sles:15.7" }, { "name": "cracklib-dict-small", "version": "2.9.11-150600.1.90", "source": "sles:15.7" }, { "name": "findutils", "version": "4.10.0-150700.2.6", "source": "sles:15.7" }, { "name": "libffi7", "version": "3.2.1.git259-10.8", "source": "sles:15.7" }, { "name": "libboost_thread1_66_0", "version": "1.66.0-150200.12.7.1", "source": "sles:15.7" }, { "name": "libksba8", "version": "1.6.4-150600.1.2", "source": "sles:15.7" }, { "name": "timezone", "version": "2025b-150600.91.6.2", "source": "sles:15.7" }, { "name": "curl", "version": "8.14.1-150700.7.14.1", "source": "sles:15.7" }, { "name": "libnghttp2-14", "version": "1.64.0-150700.3.3.1", "source": "sles:15.7" }, { "name": "libaudit1", "version": "3.0.6-150400.4.16.1", "source": "sles:15.7" }, { "name": "libexpat1", "version": "2.7.1-150700.3.9.2", "source": "sles:15.7" }, { "name": "glibc", "version": "2.38-150600.14.43.1", "source": "sles:15.7" }, { "name": "perl-base", "version": "5.26.1-150300.17.20.1", "source": "sles:15.7" }, { "name": "libssh4", "version": "0.9.8-150600.11.9.1", "source": "sles:15.7" }, { "name": "libnsl2", "version": "1.2.0-2.44", "source": "sles:15.7" }, { "name": "openssl-3", "version": "3.2.3-150700.5.24.1", "source": "sles:15.7" }, { "name": "libsepol2", "version": "3.5-150600.1.49", "source": "sles:15.7" }, { "name": "libjitterentropy3", "version": "3.4.1-150000.1.12.1", "source": "sles:15.7" }, { "name": "libpsl5", "version": "0.20.1-150000.3.3.1", "source": "sles:15.7" }, { "name": "ca-certificates", "version": "2+git20240416.98ae794-150300.4.3.3", "source": "sles:15.7" }, { "name": "ncurses-utils", "version": "6.1-150000.5.30.1", "source": "sles:15.7" }, { "name": "gzip", "version": "1.10-150200.10.1", "source": "sles:15.7" }, { "name": "libbrotlicommon1", "version": "1.0.7-150200.3.5.1", "source": "sles:15.7" }, { "name": "libattr1", "version": "2.4.47-2.19", "source": "sles:15.7" }, { "name": "libopenssl3", "version": "3.2.3-150700.5.24.1", "source": "sles:15.7" }, { "name": "rpm-config-SUSE", "version": "1-150400.14.3.1", "source": "sles:15.7" }, { "name": "rpm-ndb", "version": "4.14.3-150400.59.16.1", "source": "sles:15.7" }, { "name": "libeconf0", "version": "0.5.2-150400.3.6.1", "source": "sles:15.7" }, { "name": "libutempter0", "version": "1.1.6-3.42", "source": "sles:15.7" }, { "name": "libgcrypt20", "version": "1.11.0-150700.5.7.1", "source": "sles:15.7" }, { "name": "sysuser-shadow", "version": "3.2-150400.3.5.3", "source": "sles:15.7" }, { "name": "libassuan0", "version": "2.5.5-150000.4.7.1", "source": "sles:15.7" }, { "name": "grep", "version": "3.11-150700.1.8", "source": "sles:15.7" } ], "checks": [ { "test_number": "I.4.1", "category": "image", "type": "image", "profile": "Level 1", "scored": true, "automated": false, "description": "Ensure a user for the container has been created", "remediation": "", "tags": [], "level": "WARN", "message": [] }, { "test_number": "I.4.6", "category": "image", "type": "image", "profile": "Level 1", "scored": false, "automated": false, "description": "Ensure that HEALTHCHECK instructions have been added to container images", "remediation": "", "tags": [], "level": "WARN", "message": [] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /sbin/unix_chkpwd has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/sbin/unix_chkpwd", "message": [ "File /sbin/unix_chkpwd has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/su has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/su", "message": [ "File /usr/bin/su has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /sbin/unix2_chkpwd has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/sbin/unix2_chkpwd", "message": [ "File /sbin/unix2_chkpwd has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/chsh has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/chsh", "message": [ "File /usr/bin/chsh has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/newgidmap has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/newgidmap", "message": [ "File /usr/bin/newgidmap has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/expiry has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/expiry", "message": [ "File /usr/bin/expiry has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/chfn has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/chfn", "message": [ "File /usr/bin/chfn has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/gpasswd has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/gpasswd", "message": [ "File /usr/bin/gpasswd has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/passwd has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/passwd", "message": [ "File /usr/bin/passwd has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/lib/utempter/utempter has setgid mode: grwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "grwxr-xr-x", "location": "/usr/lib/utempter/utempter", "message": [ "File /usr/lib/utempter/utempter has setgid mode: grwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/newuidmap has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/newuidmap", "message": [ "File /usr/bin/newuidmap has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/mount has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/mount", "message": [ "File /usr/bin/mount has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/chage has setgid mode: grwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "grwxr-xr-x", "location": "/usr/bin/chage", "message": [ "File /usr/bin/chage has setgid mode: grwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/umount has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/umount", "message": [ "File /usr/bin/umount has setuid mode: urwxr-xr-x" ] }, { "test_number": "I.4.8", "category": "image", "type": "image", "profile": "Level 2", "scored": false, "automated": false, "description": "Ensure setuid and setgid permissions are removed - File /usr/bin/newgrp has setuid mode: urwxr-xr-x", "remediation": "", "tags": [], "level": "WARN", "evidence": "urwxr-xr-x", "location": "/usr/bin/newgrp", "message": [ "File /usr/bin/newgrp has setuid mode: urwxr-xr-x" ] } ], "setid_perms": [ { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/sbin/unix_chkpwd" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/su" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/sbin/unix2_chkpwd" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/chsh" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/newgidmap" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/expiry" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/chfn" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/gpasswd" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/passwd" }, { "type": "setgid", "evidence": "grwxr-xr-x", "path": "/usr/lib/utempter/utempter" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/newuidmap" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/mount" }, { "type": "setgid", "evidence": "grwxr-xr-x", "path": "/usr/bin/chage" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/umount" }, { "type": "setuid", "evidence": "urwxr-xr-x", "path": "/usr/bin/newgrp" } ], "envs": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GNUTLS_FORCE_FIPS_MODE=1", "LIBGCRYPT_FORCE_FIPS_MODE=1", "LIBICA_FIPS_FLAG=1", "NSS_FIPS=1", "OPENSSL_FIPS=1", "OPENSSL_FORCE_FIPS_MODE=1" ], "labels": { "com.suse.bci.base-fips.authors": "https://github.com/SUSE/bci/discussions", "com.suse.bci.base-fips.created": "2026-04-03T08:58:43.440242469Z", "com.suse.bci.base-fips.description": "15 SP7 FIPS-140-3 mode container based on the SUSE Linux Enterprise Base Container Image.", "com.suse.bci.base-fips.disturl": "obs://build.opensuse.org/devel:BCI:SLE-15-SP7/containerfile/ab781d4fec9adf3e8ec06afb50f45e08-base-fips-image", "com.suse.bci.base-fips.eula": "sle-bci", "com.suse.bci.base-fips.lifecycle-url": "https://www.suse.com/lifecycle#suse-linux-enterprise-server-15", "com.suse.bci.base-fips.name": "15.7-157.1", "com.suse.bci.base-fips.reference": "registry.suse.com/bci/bci-base-fips:15.7-157.1", "com.suse.bci.base-fips.release-stage": "released", "com.suse.bci.base-fips.source": "https://build.opensuse.org/package/show/devel:BCI:SLE-15-SP7/base-fips-image?rev=ab781d4fec9adf3e8ec06afb50f45e08", "com.suse.bci.base-fips.supportlevel": "l3", "com.suse.bci.base-fips.title": "SLE BCI 15 SP7 FIPS-140-3 mode", "com.suse.bci.base-fips.until": "2031-07-31", "com.suse.bci.base-fips.url": "https://www.suse.com/products/base-container-images/", "com.suse.bci.base-fips.vendor": "SUSE LLC", "com.suse.bci.base-fips.version": "15.7-157.1", "com.suse.bci.base.authors": "https://github.com/SUSE/bci/discussions", "com.suse.bci.base.created": "2026-04-02T15:55:06.222673910Z", "com.suse.bci.base.description": "Image for containers based on SUSE Linux Enterprise Server 15 SP7.", "com.suse.bci.base.disturl": "obs://build.suse.de/SUSE:SLE-15-SP7:Update:CR/images/73cdef8290e0d53d0549832cc5e8ba61-sles15-image", "com.suse.bci.base.eula": "sle-bci", "com.suse.bci.base.lifecycle-url": "https://www.suse.com/lifecycle#suse-linux-enterprise-server-15", "com.suse.bci.base.name": "15.7-5.17.15", "com.suse.bci.base.reference": "registry.suse.com/bci/bci-base:15.7-5.17.15", "com.suse.bci.base.release-stage": "released", "com.suse.bci.base.source": "https://sources.suse.com/SUSE:SLE-15-SP7:Update:CR/sles15-image/73cdef8290e0d53d0549832cc5e8ba61/", "com.suse.bci.base.supportlevel": "l3", "com.suse.bci.base.title": "SLE BCI 15 SP7 Base", "com.suse.bci.base.until": "2031-07-31", "com.suse.bci.base.url": "https://www.suse.com/products/base-container-images/", "com.suse.bci.base.vendor": "SUSE LLC", "com.suse.bci.base.version": "15.7-5.17.15", "com.suse.eula": "sle-bci", "com.suse.lifecycle-url": "https://www.suse.com/lifecycle#suse-linux-enterprise-server-15", "com.suse.release-stage": "released", "com.suse.supportlevel": "l3", "com.suse.supportlevel.until": "2031-07-31", "io.artifacthub.package.logo-url": "https://opensource.suse.com/bci/SLE_BCI_logomark_green.svg", "io.artifacthub.package.readme-url": "https://build.opensuse.org/public/source/devel:BCI:SLE-15-SP7/base-fips-image/README.md?rev=ab781d4fec9adf3e8ec06afb50f45e08", "org.openbuildservice.disturl": "obs://build.opensuse.org/devel:BCI:SLE-15-SP7/containerfile/ab781d4fec9adf3e8ec06afb50f45e08-base-fips-image", "org.opencontainers.image.authors": "https://github.com/SUSE/bci/discussions", "org.opencontainers.image.base.digest": "sha256:0215ee0ba99284769860f73e00fcd8f0b48ae760c5c7c773929d6f540649a2e1", "org.opencontainers.image.base.name": "registry.suse.com/bci/bci-base:15.7", "org.opencontainers.image.created": "2026-04-03T08:58:43.440242469Z", "org.opencontainers.image.description": "15 SP7 FIPS-140-3 mode container based on the SUSE Linux Enterprise Base Container Image.", "org.opencontainers.image.ref.name": "15.7-157.1", "org.opencontainers.image.source": "https://build.opensuse.org/package/show/devel:BCI:SLE-15-SP7/base-fips-image?rev=ab781d4fec9adf3e8ec06afb50f45e08", "org.opencontainers.image.title": "SLE BCI 15 SP7 FIPS-140-3 mode", "org.opencontainers.image.url": "https://www.suse.com/products/base-container-images/", "org.opencontainers.image.vendor": "SUSE LLC", "org.opencontainers.image.version": "15.7-157.1", "org.opensuse.reference": "registry.suse.com/bci/bci-base-fips:15.7-157.1", "usage": "This container should only be used on a FIPS-140-3-enabled host (fips=1 on kernel cmdline)." }, "cmds": [ "", "LABEL org.openbuildservice.disturl=obs://build.opensuse.org/devel:BCI:SLE-15-SP7/containerfile/ab781d4fec9adf3e8ec06afb50f45e08-base-fips-image", "RUN obs-docker-support --upload-packages --uninstall", "ENV OPENSSL_FORCE_FIPS_MODE=1", "ENV OPENSSL_FIPS=1", "ENV NSS_FIPS=1", "ENV LIBICA_FIPS_FLAG=1", "ENV LIBGCRYPT_FORCE_FIPS_MODE=1", "ENV GNUTLS_FORCE_FIPS_MODE=1", "RUN set -euo pipefail; rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; rm -rf {/target,}/run/*; rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; rm -f {/target,}/var/lib/zypp/AnonymousUniqueId; rm -f {/target,}/var/lib/zypp/AutoInstalled; rm -f {/target,}/var/cache/ldconfig/aux-cache", "RUN set -euo pipefail; rpm -e crypto-policies-scripts libopenssl1_1 libpython3_6m1_0 perl-Bootloader python3-base", "RUN set -euo pipefail; fips-mode-setup --enable --no-bootcfg", "LABEL usage=This container should only be used on a FIPS-140-3-enabled host (fips=1 on kernel cmdline).", "LABEL io.artifacthub.package.readme-url=https://build.opensuse.org/public/source/devel:BCI:SLE-15-SP7/base-fips-image/README.md?rev=ab781d4fec9adf3e8ec06afb50f45e08", "LABEL org.opencontainers.image.base.digest=sha256:0215ee0ba99284769860f73e00fcd8f0b48ae760c5c7c773929d6f540649a2e1", "LABEL org.opencontainers.image.base.name=registry.suse.com/bci/bci-base:15.7", "LABEL com.suse.release-stage=released", "LABEL com.suse.bci.base-fips.release-stage=released", "LABEL com.suse.lifecycle-url=https://www.suse.com/lifecycle#suse-linux-enterprise-server-15", "LABEL com.suse.bci.base-fips.lifecycle-url=https://www.suse.com/lifecycle#suse-linux-enterprise-server-15", "LABEL com.suse.eula=sle-bci", "LABEL com.suse.bci.base-fips.eula=sle-bci", "LABEL com.suse.supportlevel.until=2031-07-31", "LABEL com.suse.bci.base-fips.until=2031-07-31", "LABEL com.suse.supportlevel=l3", "LABEL com.suse.bci.base-fips.supportlevel=l3", "LABEL org.openbuildservice.disturl=obs://build.opensuse.org/devel:BCI:SLE-15-SP7/containerfile/ab781d4fec9adf3e8ec06afb50f45e08-base-fips-image", "LABEL com.suse.bci.base-fips.disturl=obs://build.opensuse.org/devel:BCI:SLE-15-SP7/containerfile/ab781d4fec9adf3e8ec06afb50f45e08-base-fips-image", "LABEL org.opensuse.reference=registry.suse.com/bci/bci-base-fips:15.7-157.1", "LABEL com.suse.bci.base-fips.reference=registry.suse.com/bci/bci-base-fips:15.7-157.1", "LABEL org.opencontainers.image.ref.name=15.7-157.1", "LABEL com.suse.bci.base-fips.name=15.7-157.1", "LABEL org.opencontainers.image.source=https://build.opensuse.org/package/show/devel:BCI:SLE-15-SP7/base-fips-image?rev=ab781d4fec9adf3e8ec06afb50f45e08", "LABEL com.suse.bci.base-fips.source=https://build.opensuse.org/package/show/devel:BCI:SLE-15-SP7/base-fips-image?rev=ab781d4fec9adf3e8ec06afb50f45e08", "LABEL org.opencontainers.image.vendor=SUSE LLC", "LABEL com.suse.bci.base-fips.vendor=SUSE LLC", "LABEL org.opencontainers.image.created=2026-04-03T08:58:43.440242469Z", "LABEL com.suse.bci.base-fips.created=2026-04-03T08:58:43.440242469Z", "LABEL org.opencontainers.image.url=https://www.suse.com/products/base-container-images/", "LABEL com.suse.bci.base-fips.url=https://www.suse.com/products/base-container-images/", "LABEL org.opencontainers.image.version=15.7-157.1", "LABEL com.suse.bci.base-fips.version=15.7-157.1", "LABEL org.opencontainers.image.description=15 SP7 FIPS-140-3 mode container based on the SUSE Linux Enterprise Base Container Image.", "LABEL com.suse.bci.base-fips.description=15 SP7 FIPS-140-3 mode container based on the SUSE Linux Enterprise Base Container Image.", "LABEL org.opencontainers.image.title=SLE BCI 15 SP7 FIPS-140-3 mode", "LABEL com.suse.bci.base-fips.title=SLE BCI 15 SP7 FIPS-140-3 mode", "LABEL org.opencontainers.image.authors=https://github.com/SUSE/bci/discussions", "LABEL com.suse.bci.base-fips.authors=https://github.com/SUSE/bci/discussions", "RUN set -euo pipefail; sed -i 's/^\\([^:]*:[^:]*:\\)[^:]*\\(:.*\\)$/\\1\\2/' /etc/shadow", "RUN set -euo pipefail; zypper -n clean -a; rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}; rm -rf {/target,}/run/*; rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; rm -f {/target,}/var/lib/zypp/AnonymousUniqueId; rm -f {/target,}/var/lib/zypp/AutoInstalled; rm -f {/target,}/var/cache/ldconfig/aux-cache", "RUN set -euo pipefail; zypper -n install --no-recommends coreutils crypto-policies-scripts perl-Bootloader sles-release", "RUN obs-docker-support --upload-packages --install", "COPY file:1c0f305148a2cd2a2bbd67a50b5c5386a2b42046a071cdd5f4db14a0816fb5ea in /usr/local/sbin/obs-docker-support", "KIWI 10.2.33" ], "signature_data": { "verification_timestamp": "" } } } }, "metadata": { "scanStartedOn": "2026-04-03T09:00:42.234452058+00:00", "scanFinishedOn": "2026-04-03T09:00:42.234452058+00:00" } } }