jfxs/alpine-task
A lightweight Task Docker image based on Alpine Linux
10K+
A Task Docker image:
multiarch
with support of amd64 and arm64,Syft
,docker run -t --rm jfxs/alpine-task task --version
or
docker run -t --rm quay.io/ifxs/alpine-task task --version
Docker latest tag is 3.41.0-005, 3.41, 3 and contains:
Name | Version | Type |
---|---|---|
ca-certificates | 20241121-r1 | apk |
curl | 8.12.1-r0 | apk |
file | 5.46-r2 | apk |
git | 2.47.2-r0 | apk |
github.com/go-task/task/v3 | v3.41.0 | go-module |
jq | 1.7.1-r0 | apk |
Details are updated on Dockerhub
Overview page when an image is published.
The Docker tag is defined by the Task version used and an increment to differentiate build with the same Task version:
<task_version>-<increment>
Example: 3.19.1-003
Cosign public key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEa3yV6+yd/l4zh/tfT6Tx+zn0dhy3
BhFqSad1norLeKSCN2MILv4fZ9GA6ODOlJOw+7vzUvzZVr9IXnxEdjoWJw==
-----END PUBLIC KEY-----
The public key is also available online: https://gitlab.com/op_so/docker/cosign-public-key/-/raw/main/cosign.pub.
To verify an image:
cosign verify --key cosign.pub $IMAGE_URI
To verify and get the SBOM attestation:
cosign verify-attestation --key cosign.pub --type spdxjson $IMAGE_URI | jq '.payload | @base64d | fromjson | .predicate'
This program is free software: you can redistribute it and/or modify it under the terms of the MIT License (MIT). See the LICENSE for details.
docker pull jfxs/alpine-task