From afc46ae08dcec997c4f18dbfd287c5417eba1ffc Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 2 Jul 2025 09:13:05 +0100 Subject: [PATCH] build: seo updates --- .../manuals/build/metadata/attestations/sbom.md | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/content/manuals/build/metadata/attestations/sbom.md b/content/manuals/build/metadata/attestations/sbom.md index ffbd5354317d..a272f724446e 100644 --- a/content/manuals/build/metadata/attestations/sbom.md +++ b/content/manuals/build/metadata/attestations/sbom.md @@ -2,15 +2,12 @@ title: SBOM attestations keywords: build, attestations, sbom, spdx, metadata, packages description: | - SBOM build attestations describe the contents of your image, - and the packages used to build it. + SBOM attestations describe what software artifacts an image contains and the artifacts used to create the image. aliases: - /build/attestations/sbom/ --- -Software Bill of Materials (SBOM) attestations describe what software artifacts -an image contains, and artifacts used to create the image. Metadata included in -an SBOM for describing software artifacts may include: +SBOM attestations help ensure [software supply chain transparency](/guides/docker-scout/s3c.md) by verifying the software artifacts an image contains and the artifacts used to create the image. Metadata included in an [SBOM](/guides/docker-scout/sbom.md) for describing software artifacts may include: - Name of the artifact - Version 
@@ -18,14 +15,9 @@ an SBOM for describing software artifacts may include: - Authors - Unique package identifier -There are benefits to indexing contents of an image during the build, as opposed -to scanning a final image. When scanning happens as part of the build, you're -able to detect software you use to build the image, that may not show up in the -final image. +Indexing the contents of an image during the build has benefits over scanning a final image. When scanning happens as part of the build, you can detect software you used to build the image, which may not show up in the final image. -The SBOMs generated by BuildKit follow the SPDX standard. SBOMs attach to the -final image as a JSON-encoded SPDX document, using the format defined by the -[in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md). +Docker supports SBOM generation and attestation through an SLSA-compliant build process using BuildKit and attestations. The SBOMs generated by [BuildKit](/manuals/build/buildkit/_index.md) follow the SPDX standard and attach to the final image as a JSON-encoded SPDX document, using the format defined by the [in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md). On this page, you’ll learn how to create, manage, and verify SBOM attestations using Docker tooling. ## Create SBOM attestations
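Review bot: In the first hunk (`@@ -2,15 +2,12 @@`), the new intro sentence says SBOM attestations work "by verifying the software artifacts an image contains", but an SBOM records or describes an image's contents; verification is something a consumer does against the signed attestation, not something the SBOM itself performs. Suggest "by recording the software artifacts an image contains and the artifacts used to create the image". The same hunk also drops the only expansion of the acronym ("Software Bill of Materials (SBOM) attestations describe ..."), so the page now never spells out SBOM on first use; keep the expansion in the replacement sentence rather than relying on the link to `/guides/docker-scout/sbom.md`.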
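Review bot: In the second hunk (`@@ -18,14 +15,9 @@`), "through an SLSA-compliant build process using BuildKit and attestations" makes an unqualified compliance claim; SLSA is defined in levels, so state the level being claimed or link to the page that does, and drop the trailing "and attestations", which is redundant with "generation and attestation" earlier in the same sentence. Two smaller points in the same hunk: the closing sentence promises the page covers "create, manage, and verify", while the only heading visible in the context is `## Create SBOM attestations`, so confirm the other two sections exist before shipping the claim; and "you’ll" uses a curly apostrophe where the rest of the file uses ASCII quotes.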