{"architecture":"amd64","config":{"User":"observability","ExposedPorts":{"8082/tcp":{}},"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","uname=observability","gname=observability","JF_PRODUCT_DATA_INTERNAL=/var/opt/jfrog/observability","JF_PRODUCT_HOME=/opt/jfrog/observability","SERVICE_NAME=observability","TARGETARCH=amd64","JF_PRODUCT_APP=/opt/jfrog/observability/app"],"Entrypoint":["/usr/local/bin/fips-entrypoint.sh","/opt/jfrog/observability/app/bin/entrypoint-observability.sh"],"Volumes":{"/var/opt/jfrog/observability":{}},"WorkingDir":"/","Labels":{"ai.echo.image.name":"echo-fips","ai.echo.image.tag":"latest","ai.echo.image.upstream.digest":"sha256:e969bc4a6af81e66bf2ee7e79cecb24885929111d5eddb97dd80bed3b90a5e93","ai.echo.image.upstream.tag":"stable","ai.echo.image.upstream.uri":"docker.io/library/debian","com.echohq.image.name":"echo-fips","com.echohq.image.tag":"latest","description":"JFrog Echo Image — base (FIPS-aware, hardened)","maintainer":"devops@jfrog.com","org.opencontainers.image.author":"echohq.com","org.opencontainers.image.title":"jfrog/echo-base","org.opencontainers.image.vendor":"JFrog"},"ArgsEscaped":true},"created":"2026-05-15T09:22:49.893631461Z","history":[{"created":"2026-05-03T15:26:15.949323818Z","created_by":"COPY / / # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-03T15:26:15.949323818Z","created_by":"CMD [\"bash\"]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-03T15:37:25.53397917Z","created_by":"ARG CACHEBUST=f78390bc22ddc61be22e241746af051ffa5b5ba5e37dcad34363b9b533cfe399","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-03T15:37:25.53397917Z","created_by":"RUN |1 CACHEBUST=f78390bc22ddc61be22e241746af051ffa5b5ba5e37dcad34363b9b533cfe399 /bin/sh -c disable-docker-clean \u0026\u0026     apt-get update \u0026\u0026 apt-get upgrade -y \u0026\u0026     apt-get install -y --no-install-recommends     libc6     openssl-fips-provider     openssl-config-fips \u0026\u0026     enable-docker-clean # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-03T15:48:21.808928563Z","created_by":"ARG CACHEBUST=0cd3ce15302f3e20e1e35e3e91e8c0f801a3748d28b359295cadf7249441e9bb","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-03T15:48:21.808928563Z","created_by":"RUN |1 CACHEBUST=0cd3ce15302f3e20e1e35e3e91e8c0f801a3748d28b359295cadf7249441e9bb /bin/sh -c disable-docker-clean \u0026\u0026     apt-get update \u0026\u0026 apt-get upgrade -y \u0026\u0026     apt install -y --no-install-recommends     libc6 \u0026\u0026     enable-docker-clean # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-03T15:48:21.808928563Z","created_by":"CMD [\"bash\"]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-14T11:12:14.851876354Z","created_by":"LABEL maintainer=JFrog Installers \u003cinstallers@jfrog.com\u003e","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-14T11:12:14.851876354Z","created_by":"LABEL description=JFrog Echo Image — base (FIPS-aware, hardened)","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-14T11:12:14.851876354Z","created_by":"LABEL org.opencontainers.image.vendor=JFrog","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-14T11:12:14.851876354Z","created_by":"LABEL org.opencontainers.image.title=jfrog/echo-base","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-14T11:12:14.851876354Z","created_by":"COPY packages-base.txt /tmp/packages.txt # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:25.725346353Z","created_by":"RUN /bin/sh -c apt-get update -qq \u0026\u0026     xargs -a /tmp/packages.txt apt-get install -y --no-install-recommends \u0026\u0026     rm -f /tmp/packages.txt \u0026\u0026     (update-ca-certificates 2\u003e/dev/null || true) \u0026\u0026     rm -rf /var/lib/apt/lists/* \u0026\u0026     OSSL_VER=$(dpkg-query -W -f='${Version}' openssl 2\u003e/dev/null) \u0026\u0026     echo \"OpenSSL package version: ${OSSL_VER}\" \u0026\u0026     (echo \"${OSSL_VER}\" | grep -q '+e' ||         { echo \"ERROR: Echo-patched OpenSSL replaced by stock build\"; exit 1; }) # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:25.91704375Z","created_by":"RUN /bin/sh -c cp -L /usr/lib/ssl/openssl.cnf /etc/ssl/openssl.cnf.orig # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:25.955966494Z","created_by":"COPY openssl.cnf /etc/ssl/openssl.cnf # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:25.997741394Z","created_by":"COPY fips-entrypoint.sh /usr/local/bin/fips-entrypoint.sh # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.207573726Z","created_by":"RUN /bin/sh -c OUT=/usr/lib/ssl/openssl-fips.cnf \u0026\u0026     ORIG=/etc/ssl/openssl.cnf.orig \u0026\u0026     cp \"$ORIG\" \"$OUT\" \u0026\u0026     awk 'BEGIN {         print \"\";         print \"# JFrog TLS hardening\";         print \"[ssl_sect]\";         print \"system_default = system_default_sect\";         print \"\";         print \"[system_default_sect]\";         print \"MinProtocol  = TLSv1.2\";         print \"MaxProtocol  = TLSv1.3\";         print \"CipherString = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256\";         print \"CipherSuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256\";     }' /dev/null \u003e\u003e \"$OUT\" \u0026\u0026     cp \"$OUT\" /etc/ssl/openssl-fips.cnf \u0026\u0026     echo \"Lines in fips.cnf: $(wc -l \u003c \"$OUT\")\" \u0026\u0026     grep -q 'fips = fips_sect' \"$OUT\" \u0026\u0026 echo \"PASS: fips_sect present\" || { echo \"FAIL: fips_sect missing\"; exit 1; } \u0026\u0026     grep -q 'MinProtocol' \"$OUT\" \u0026\u0026 echo \"PASS: MinProtocol present\" || { echo \"FAIL: MinProtocol missing\"; exit 1; } \u0026\u0026     grep -q '\\.include' \"$OUT\" \u0026\u0026 echo \"PASS: .include present\" || { echo \"FAIL: .include missing\"; exit 1; } # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.384049085Z","created_by":"RUN /bin/sh -c chmod +x /usr/local/bin/fips-entrypoint.sh \u0026\u0026     sh -n /usr/local/bin/fips-entrypoint.sh \u0026\u0026     chmod 644 /etc/ssl/openssl.cnf \u0026\u0026     chmod 644 /usr/lib/ssl/openssl-fips.cnf /etc/ssl/openssl-fips.cnf \u0026\u0026     (chmod 644 /etc/ssl/certs/ca-certificates.crt 2\u003e/dev/null || true) \u0026\u0026     (find /usr/bin /usr/sbin /bin /sbin          \\( -perm -4000 -o -perm -2000 \\)          ! -name 'su' ! -name 'newgrp'          -exec chmod a-s {} \\; 2\u003e/dev/null || true) # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.55928401Z","created_by":"RUN /bin/sh -c echo \"=== OS ===\" \u0026\u0026 cat /etc/os-release | grep -E 'NAME|VERSION' # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.701393704Z","created_by":"RUN /bin/sh -c echo \"=== OpenSSL ===\" \u0026\u0026 openssl version -a # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.767276457Z","created_by":"RUN /bin/sh -c echo \"=== Non-FIPS config ===\" \u0026\u0026     OPENSSL_CONF=/etc/ssl/openssl.cnf openssl ciphers -v ALL 2\u003e\u00261 | head -3 \u0026\u0026     echo \"openssl.cnf OK\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.862243213Z","created_by":"RUN /bin/sh -c echo \"=== FIPS config loads FIPS provider? ===\" \u0026\u0026     OPENSSL_CONF=/usr/lib/ssl/openssl-fips.cnf openssl list -providers 2\u003e\u00261 | tee /tmp/fips-providers.txt \u0026\u0026     grep -qi 'fips' /tmp/fips-providers.txt || { echo \"FAIL: FIPS provider not active under openssl-fips.cnf\"; exit 1; } \u0026\u0026     echo \"openssl-fips.cnf OK\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:26.936021289Z","created_by":"RUN /bin/sh -c echo \"=== Cipher policy ===\" \u0026\u0026     CSTR=\"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256\" \u0026\u0026     openssl ciphers -v \"$CSTR\" 2\u003e/dev/null | awk '{print $1}' |         grep -E '^ADH-|^AECDH-|^NULL-|^EXP-'         \u0026\u0026 echo \"FAIL: weak suites\" \u0026\u0026 exit 1         || echo \"PASS: no weak suites\" \u0026\u0026     grep -E 'MinProtocol\\s*=\\s*TLSv1\\.2' /etc/ssl/openssl.cnf \u0026\u0026 echo \"PASS: MinProtocol set\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:27.015271358Z","created_by":"RUN /bin/sh -c echo \"=== CA bundle ===\" \u0026\u0026     TOTAL=$(grep -c 'BEGIN CERTIFICATE' /etc/ssl/certs/ca-certificates.crt) \u0026\u0026     echo \"Total CAs: $TOTAL\" \u0026\u0026     grep -i baltimore /etc/ssl/certs/ca-certificates.crt         \u0026\u0026 echo \"WARNING: Baltimore expired root present\"         || echo \"PASS: Baltimore absent\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:27.085093584Z","created_by":"RUN /bin/sh -c echo \"=== initContainer utilities ===\" \u0026\u0026     MISSING=\"\" \u0026\u0026     for cmd in bash sh curl cp rm mkdir chmod sed grep ls mv cat                sleep timeout tail kill touch tee basename; do         if command -v \"$cmd\" \u003e/dev/null 2\u003e\u00261; then             printf \"  %-12s %s\\n\" \"$cmd\" \"$(command -v \"$cmd\")\";         else             printf \"  %-12s MISSING\\n\" \"$cmd\"; MISSING=\"${MISSING} ${cmd}\";         fi;     done \u0026\u0026     [ -z \"$MISSING\" ] \u0026\u0026 echo \"PASS: all initContainer utilities present\"         || { echo \"FAIL: missing:${MISSING}\"; exit 1; } # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:27.163796236Z","created_by":"RUN /bin/sh -c echo \"=== All smoke tests passed ===\" # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-14T11:12:27.163796236Z","created_by":"ENTRYPOINT [\"/usr/local/bin/fips-entrypoint.sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-14T11:12:27.163796236Z","created_by":"CMD [\"/bin/sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:47.415434997Z","created_by":"LABEL maintainer=devops@jfrog.com","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:47.415434997Z","created_by":"ARG TARGETARCH=amd64","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:47.415434997Z","created_by":"ENV uname=observability gname=observability JF_PRODUCT_DATA_INTERNAL=/var/opt/jfrog/observability JF_PRODUCT_HOME=/opt/jfrog/observability SERVICE_NAME=observability TARGETARCH=amd64 JF_PRODUCT_APP=/opt/jfrog/observability/app","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:47.415434997Z","created_by":"USER root","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:47.415434997Z","created_by":"RUN |1 TARGETARCH=amd64 /bin/sh -c groupadd -g 1118 observability     \u0026\u0026 useradd -Ms /bin/bash -g observability -u 1118 observability # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-15T09:22:47.415434997Z","created_by":"USER root","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:47.799850548Z","created_by":"RUN |1 TARGETARCH=amd64 /bin/sh -c mkdir -p ${JF_PRODUCT_HOME}/app/third-party # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-15T09:22:48.924865077Z","created_by":"COPY /opt/jfrog/observability/app /opt/jfrog/observability/app # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-15T09:22:49.045251724Z","created_by":"COPY third-party/yq-amd64 /opt/jfrog/observability/app/third-party/yq # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-15T09:22:49.893631461Z","created_by":"RUN |1 TARGETARCH=amd64 /bin/sh -c mkdir -p ${JF_PRODUCT_DATA_INTERNAL}/etc/security \u0026\u0026     ln -s ${JF_PRODUCT_DATA_INTERNAL} ${JF_PRODUCT_HOME}/var \u0026\u0026     chown -R ${uname}:${gname} ${JF_PRODUCT_HOME} ${JF_PRODUCT_DATA_INTERNAL} \u0026\u0026     chmod -R 755 ${JF_PRODUCT_DATA_INTERNAL} # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2026-05-15T09:22:49.893631461Z","created_by":"EXPOSE [8082/tcp]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:49.893631461Z","created_by":"USER observability","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:49.893631461Z","created_by":"VOLUME [/var/opt/jfrog/observability]","comment":"buildkit.dockerfile.v0","empty_layer":true},{"created":"2026-05-15T09:22:49.893631461Z","created_by":"ENTRYPOINT [\"/usr/local/bin/fips-entrypoint.sh\" \"/opt/jfrog/observability/app/bin/entrypoint-observability.sh\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:42e0f84dc491d1c9a3ef3a50b590fc0c55ba5f771a47f26b7224637e212f428a","sha256:6a54eaaa7f47de4ce375fc7eb4042acd0fd9b6f6d78dbbb931af7eddb365127a","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:047776ed2a060d7fdaab45b197c8a47264c93f0da64d1cc98197d566af37f9d1","sha256:44193583141761c0ea4f107e414870e95741d89c4bf715b46ad23834ada4cc60","sha256:9cc9761680fa970b4268fb5580e17e7fc3f4ebf6308efa4521b40ccfca860bb2","sha256:aab251eaa41a098b9629f62ca18cce8a16108c12a036a03a51193d102b6a12cf","sha256:f497f564190d9f597808d2787ff6c4785d9c6ecd8cdbf58f45874d6a62eacffb","sha256:f001d63b5d7ff205433831fe615a229cc8f93ffad1e2099a2613a5ed178910b5","sha256:d4de10cab4a0002b275227b01a19b0662445e97599f3bc8e5e917826b88e44f3","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:77d314c067332734368a3963dacef503a87a81611d24df6fbcbd2d5d474776a7","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef","sha256:93746ea3891ecb3b79b3c0a802433c544756519e0e4051ab17534d0873b946d8","sha256:ab953ace0c9020bfb5b378381ddf5e649a510b14b921b1e56a6d52d127a45605","sha256:e46e8a855a91b98c09ab81bc9b1d645854dabba8128b8182da64ab087b55bfe8","sha256:6936c1deacf19cedf94c578a624aa6283fc91f522456d499a783f6e344ce03dc","sha256:f4b08e860b6695f13f1fbe11ee6dda5acf3327928f5a747b39b6b3b83d78420f"]}}