Frizbee, developed by Stacklok, is a lightweight command-line utility designed to retrieve cryptographic checksums for container images simply by referencing their tag. Aimed at DevOps engineers, security auditors, and CI/CD maintainers who need to verify image integrity without pulling large layers, the tool accepts any OCI-compliant tag (such as those from Docker Hub, GHCR, or Quay) and returns the corresponding digest in SHA-256 or SHA-512 format. This makes it ideal for pinning exact versions in Kubernetes manifests, locking supply-chain provenance in bill-of-materials files, or scripting pre-deployment validation checks.

Written in Go and distributed as a single static binary, frizbee runs cross-platform and can be embedded in GitHub Actions, GitLab jobs, or local pre-commit hooks to ensure that what was scanned in staging is identical to what will run in production. Since its debut the project has maintained a rapid release cadence, publishing 27 successive builds that incrementally added support for authenticated registries, proxy mirrors, and reproducible output formats like JSON and SPDX. The current general-availability version 0.1.10 tightens error handling for rate-limited endpoints and introduces concurrent requests for bulk verification of multi-arch manifests. Users appreciate the near-instant feedback, typically under a second, because only the manifest header is fetched, saving bandwidth and build minutes.

Overall, frizbee occupies a narrow but critical niche in the Security category, complementing larger scanning suites by providing a fast, stateless way to translate human-readable tags into immutable checksums. The software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.