docker · dvdksn · Nov 13, 2024 · Nov 12, 2024 · Nov 13, 2024 · Nov 13, 2024
diff --git a/_vale/Docker/Acronyms.yml b/_vale/Docker/Acronyms.yml
@@ -31,6 +31,7 @@ exceptions:
   - DPI
   - DSOS
   - DVP
+  - ECI
   - ELK
   - FAQ
   - FUSE
@@ -68,6 +69,7 @@ exceptions:
   - NTLM
   - NVDA
   - OCI
+  - OS
   - OSS
   - PATH
   - PDF

diff --git a/content/get-started/docker-concepts/building-images/multi-stage-builds.md b/content/get-started/docker-concepts/building-images/multi-stage-builds.md
@@ -57,9 +57,8 @@ In this hands-on guide, you'll unlock the power of multi-stage builds to create
 
 1. [Download and install](https://www.docker.com/products/docker-desktop/) Docker Desktop.
 
-2. [Download and install](https://www.oracle.com/java/technologies/downloads/) Java.
 
-3. Open this [pre-initialized project](https://start.spring.io/#!type=maven-project&language=java&platformVersion=3.4.0-M3&packaging=jar&jvmVersion=21&groupId=com.example&artifactId=spring-boot-docker&name=spring-boot-docker&description=Demo%20project%20for%20Spring%20Boot&packageName=com.example.spring-boot-docker&dependencies=web) to generate a ZIP file. Here’s how that looks:
+2. Open this [pre-initialized project](https://start.spring.io/#!type=maven-project&language=java&platformVersion=3.4.0-M3&packaging=jar&jvmVersion=21&groupId=com.example&artifactId=spring-boot-docker&name=spring-boot-docker&description=Demo%20project%20for%20Spring%20Boot&packageName=com.example.spring-boot-docker&dependencies=web) to generate a ZIP file. Here’s how that looks:
 
 
     ![A screenshot of Spring Initializr tool selected with Java 21, Spring Web and Spring Boot 3.4.0](images/multi-stage-builds-spring-initializer.webp?border=true)
@@ -72,7 +71,7 @@ In this hands-on guide, you'll unlock the power of multi-stage builds to create
     For this demonstration, you’ve paired Maven build automation with Java, a Spring Web dependency, and Java 21 for your metadata.
 
 
-4. Navigate the project directory. Once you unzip the file, you'll see the following project directory structure:
+3. Navigate the project directory. Once you unzip the file, you'll see the following project directory structure:
 
 
     ```plaintext
@@ -109,7 +108,7 @@ In this hands-on guide, you'll unlock the power of multi-stage builds to create
    contains most of the information needed to build a customized project. The POM is huge and can seem    
    daunting. Thankfully, you don't yet need to understand every intricacy to use it effectively. 
 
-5. Create a RESTful web service that displays "Hello World!". 
+4. Create a RESTful web service that displays "Hello World!". 
 
 
     Under the `src/main/java/com/example/spring_boot_docker/` directory, you can modify your  

diff --git a/content/guides/docker-scout/_index.md b/content/guides/docker-scout/_index.md
@@ -14,16 +14,14 @@ aliases:
 params:
   featured: true
   image: images/learning-paths/scout.png
-  time: 10 minutes
+  time: 20 minutes
   resource_links:
     - title: Docker Scout overview
       url: /scout/
     - title: Docker Scout quickstart
       url: /scout/quickstart/
     - title: Install Docker Scout
       url: /scout/install/
-    - title: Software Bill of Materials
-      url: /scout/concepts/sbom/
 ---
 
 When container images are insecure, significant risks can arise. Around 60% of

diff --git a/content/guides/docker-scout/attestations.md b/content/guides/docker-scout/attestations.md
@@ -0,0 +1,36 @@
+---
+title: Attestations
+keywords: build, attestations, sbom, provenance, metadata
+description: |
+  Introduction to SBOM and provenance attestations with Docker Build,
+  what they are, and why they exist
+weight: 50
+---
+
+{{< youtube-embed qOzcycbTs4o >}}
+
+[Build attestations](/manuals/build/metadata/attestations/_index.md) give you
+detailed information about how an image was built and what it contains. These
+attestations, generated by BuildKit during build-time, attach to the final
+image as metadata, allowing you to inspect an image to see its origin, creator,
+and contents. This information helps you make informed decisions about the
+security and impact of the image on your supply chain.
+
+Docker Scout uses these attestations to evaluate the image's security and
+supply chain posture, and to provide remediation recommendations for issues. If
+issues are detected, such as missing or outdated attestations, Docker Scout can
+guide you on how to add or update them, ensuring compliance and improving
+visibility into the image's security status.
+
+There are two key types of attestations:
+
+- SBOM, which lists the software artifacts within the image.
+- Provenance, which details how the image was built.
+
+You can create attestations by using `docker buildx build` with the
+`--provenance` and `--sbom` flags. Attestations attach to the image index,
+allowing you to inspect them without pulling the entire image. Docker Scout
+leverages this metadata to give you more precise recommendations and better
+control over your image's security.
+
+<div id="scout-lp-survey-anchor"></div>
diff --git a/content/guides/docker-scout/common-questions.md b/content/guides/docker-scout/common-questions.md
@@ -1,7 +1,6 @@
 ---
 title: Common challenges and questions
 description: Explore common challenges and questions related to Docker Scout.
-weight: 30
 ---
 
 <!-- vale Docker.HeadingLength = NO -->

diff --git a/content/guides/docker-scout/demo.md b/content/guides/docker-scout/demo.md
@@ -1,9 +1,12 @@
 ---
 title: Docker Scout demo
+linkTitle: Demo
 description: Learn about Docker Scout's powerful features for enhanced supply chain security.
 weight: 20
 ---
 
+{{< youtube-embed "TkLwJ0p46W8" >}}
+
 Docker Scout has powerful features for enhancing containerized application
 security and ensuring a robust software supply chain.
 
@@ -15,6 +18,4 @@ security and ensuring a robust software supply chain.
   removing unnecessary packages
 - Verify and validate remediation efforts using Docker Scout
 
-{{< youtube-embed "TkLwJ0p46W8" >}}
-
 <div id="scout-lp-survey-anchor"></div>
diff --git a/content/guides/docker-scout/remediation.md b/content/guides/docker-scout/remediation.md
@@ -0,0 +1,27 @@
+---
+title: Remediation
+description: Learn how Docker Scout can help you improve your software quality automatically, using remediation
+keywords: scout, supply chain, security, remediation, automation
+weight: 60
+---
+
+{{< youtube-embed jM9zLBf8M-8 >}}
+
+Docker Scout's [remediation feature](/manuals/scout/policy/remediation.md)
+helps you address supply chain and security issues by offering tailored
+recommendations based on policy evaluations. These recommendations guide you in
+improving policy compliance or enhancing image metadata, allowing Docker Scout
+to perform more accurate evaluations in the future.
+
+You can use this feature to ensure that your base images are up-to-date and
+that your supply chain attestations are complete. When a violation occurs,
+Docker Scout provides recommended fixes, such as updating your base image or
+adding missing attestations. If there isn’t enough information to determine
+compliance, Docker Scout suggests actions to help resolve the issue.
+
+In the Docker Scout Dashboard, you can view and act on these recommendations by
+reviewing violations or compliance uncertainties. With integrations like
+GitHub, you can even automate updates, directly fixing issues from the
+dashboard.
+
+<div id="scout-lp-survey-anchor"></div>
diff --git a/content/manuals/scout/concepts/s3c.md → content/guides/docker-scout/s3c.md b/content/manuals/scout/concepts/s3c.md → content/guides/docker-scout/s3c.md
@@ -2,8 +2,13 @@
 title: Software supply chain security
 description: Learn about software supply chain security (S3C), what it means, and why it is important.
 keywords: docker scout, secure, software, supply, chain, security, sssc, sscs, s3c
+aliases:
+  - /scout/concepts/s3c/
+weight: 30
 ---
 
+{{< youtube-embed YzNK6E7APv0 >}}
+
 The term "software supply chain" refers to the end-to-end process of developing
 and delivering software, from the development to deployment and maintenance.
 Software supply chain security, or "S3C" for short, is the practice for
@@ -39,7 +44,7 @@ day where software is built using multiple components from different sources.
 Organizations need to have a clear understanding of the software components
 they use, and the security risks associated with them.
 
-## Docker Scout
+## How Docker Scout is different
 
 Docker Scout is a platform designed to help organizations secure their software
 supply chain. It provides tools and services for identifying and managing
@@ -53,9 +58,11 @@ updated risk assessment is available within seconds, and earlier in the
 development process.
 
 Docker Scout works by analyzing the composition of your images to create a
-[Software Bill of Materials (SBOM)](/manuals/scout/concepts/sbom.md). The SBOM is
-cross-referenced against the security advisories to identify CVEs that affect
-your images. Docker Scout integrates with [over 20 different security
+Software Bill of Materials (SBOM). The SBOM is cross-referenced against the
+security advisories to identify CVEs that affect your images. Docker Scout
+integrates with [over 20 different security
 advisories](/manuals/scout/deep-dive/advisory-db-sources.md), and updates its
 vulnerability database in real-time. This ensures that your security posture is
 represented using the latest available information.
+
+<div id="scout-lp-survey-anchor"></div>
diff --git a/content/manuals/scout/concepts/sbom.md → content/guides/docker-scout/sbom.md b/content/manuals/scout/concepts/sbom.md → content/guides/docker-scout/sbom.md
@@ -2,8 +2,13 @@
 title: Software Bill of Materials
 description: Learn about Software Bill of Materials (SBOM) and how Docker Scout uses it.
 keywords: scout, sbom, software bill of materials, analysis, composition
+aliases:
+  - /scout/concepts/sbom/
+weight: 40
 ---
 
+{{< youtube-embed PbS4y7C7h4A >}}
+
 A Bill of Materials (BOM) is a list of materials, parts, and the quantities of
 each needed to manufacture a product. For example, a BOM for a computer might
 list the motherboard, CPU, RAM, power supply, storage devices, case, and other
@@ -35,16 +40,10 @@ An SBOM typically includes the following information:
 
 Docker Scout uses SBOMs to determine the components that are used in a Docker
 image. When you analyze an image, Docker Scout will either use the SBOM that is
-attached to the image (using [attestations](/manuals/build/metadata/attestations/_index.md)), or
-it will generate an SBOM on the fly by analyzing the contents of the image.
+attached to the image as an attestation, or it will generate an SBOM on the fly
+by analyzing the contents of the image.
 
 The SBOM is cross-referenced with the [advisory database](/manuals/scout/deep-dive/advisory-db-sources.md)
 to determine if any of the components in the image have known vulnerabilities.
 
-## Additional resources
-
-To learn more about generating SBOMs and how SBOMs are used in Docker Scout,
-see:
-
-- [Image analysis in Docker Scout](/manuals/scout/explore/analysis.md)
-- [View and create SBOMs](/manuals/scout/how-tos/view-create-sboms.md)
+<div id="scout-lp-survey-anchor"></div>
diff --git a/content/guides/docker-scout/why.md b/content/guides/docker-scout/why.md
@@ -4,6 +4,8 @@ description: Learn how Docker Scout can help you secure your supply chain.
 weight: 10
 ---
 
+{{< youtube-embed "-omsQ7Uqyc4" >}}
+
 Organizations face significant challenges from data breaches,
 including financial losses, operational disruptions, and long-term damage to
 brand reputation and customer trust. Docker Scout addresses critical problems
@@ -22,6 +24,4 @@ development process. It also integrates with popular development tools like
 Docker Desktop and GitHub Actions, providing seamless security management and
 compliance checks within existing workflows.
 
-{{< youtube-embed "-omsQ7Uqyc4" >}}
-
 <div id="scout-lp-survey-anchor"></div>
diff --git a/content/manuals/accounts/_index.md b/content/manuals/accounts/_index.md
@@ -1,6 +1,5 @@
 ---
-title: Docker account overview
-linkTitle: Docker accounts
+title: Docker accounts
 weight: 200
 description: Learn how to create and manage your Docker account.
 keywords: accounts, docker ID, account management, account settings, docker account, docker home

diff --git a/content/manuals/admin/_index.md b/content/manuals/admin/_index.md
@@ -1,6 +1,5 @@
 ---
-title: Administration overview
-linkTitle: Administration
+title: Administration
 weight: 200
 description: Discover manuals on administration for accounts, organizations, and companies.
 keywords: admin, administration, company, organization, Admin Console, user accounts, account management

@@ -1,6 +1,5 @@
 ---
-title: Overview of Docker Build
-linkTitle: Docker Build
+title: Docker Build
 weight: 100
 description: Get an overview of Docker Build to package and bundle your code and ship it anywhere
 keywords: build, buildx, buildkit

@@ -8,6 +8,8 @@ aliases:
   - /build/attestations/
 ---
 
+{{< youtube-embed qOzcycbTs4o >}}
+
 Build attestations describe how an image was built, and what it contains. The
 attestations are created at build-time by BuildKit, and become attached to the
 final image as metadata.

@@ -1,6 +1,5 @@
 ---
-title: Docker Compose overview
-linkTitle: Docker Compose
+title: Docker Compose
 weight: 100
 description: Learn how to use Docker Compose to define and run multi-container applications
   with this detailed introduction to the tool.

@@ -1,6 +1,5 @@
 ---
-title: Overview of Docker Desktop
-linkTitle: Docker Desktop
+title: Docker Desktop
 weight: 100
 description: Explore Docker Desktop, what it has to offer, and its key features. Take the next step by downloading or find additional resources
 keywords: how to use docker desktop, what is docker desktop used for, what does docker

@@ -2,7 +2,6 @@
 description: Get an overview on Docker Hub to find and share container images
 keywords: docker hub, hub, repositories
 title: Docker Hub
-linkTitle: Docker Hub
 weight: 100
 grid:
 - title: Quickstart

@@ -1,6 +1,5 @@
 ---
-title: Docker Engine overview
-linkTitle: Docker Engine
+title: Docker Engine
 weight: 100
 description: Find a comprehensive overview of Docker Engine, including how to install, storage details, networking, and more
 keywords: Engine

@@ -1,6 +1,5 @@
 ---
-title: Overview of Docker Extensions
-linkTitle: Docker Extensions
+title: Docker Extensions
 weight: 100
 description: Extensions
 keywords: Docker Extensions, Docker Desktop, Linux, Mac, Windows

@@ -8,6 +8,8 @@ keywords: scout, supply chain, security, remediation, automation
 Remediation with Docker Scout is currently in [Beta](../../release-lifecycle.md#Beta).
 {{% /experimental %}}
 
+{{< youtube-embed 7PsZbAsPgsY >}}
+
 Docker Scout helps you remediate supply chain or security issues by providing
 recommendations based on policy evaluation results. Recommendations are
 suggested actions you can take that improve policy compliance, or that add
-Original file line number
+Diff line change
@@ Expand Up / @@ -31,6 +31,7 @@ exceptions: @@
       - DPI
       - DSOS
       - DVP
+      - ECI
       - ELK
       - FAQ
       - FUSE
@@ Expand Down Expand Up / @@ -68,6 +69,7 @@ exceptions: @@
       - NTLM
       - NVDA
       - OCI
+      - OS
       - OSS
       - PATH
       - PDF
@@ Expand Down @@