HARDENED
Return
crane

crane

latest

A minimal Linux environment with Crane container image tool, providing a lightweight solution for container image manipulation, registry operations, and image management in containerized environments.

Getting Started

To pull the image:

docker pull registry.hardened.eu/library/crane:latest

Verifying Image Signatures

All Hardened B.V. images are signed using cosign. You can verify the signature using the following steps:

Save the public key:

cat >hardened.pub <<EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbxhUFlXkIIbDzdRAR9rc6kDPNb+k
J48lhqqlOMyiq3jkbKXNj2sEFMduFlNh63MrZA59PKf4TjS1AiCrvaFXNA==
-----END PUBLIC KEY-----
EOL

Verify the image signature:

cosign verify --key hardened.pub registry.hardened.eu/library/crane:latest

The verification will show the signature details and confirm the image’s authenticity.

To verify the SBOM, run the following command:

cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/crane:latest

To download the SBOM, run the same command and decode it:

cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/crane:latest | jq -r .payload | base64 -d | jq -r .predicate > crane-spdx.json

Trademarks

This software is packaged by Hardened B.V. All trademarks are property of their respective owners. Use of these images does not imply any affiliation or endorsement.