From aff805d34d7880dad05ec8bd0b76fcb8a37f52e5 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Wed, 2 Jul 2025 09:16:50 +0100 Subject: [PATCH 1/7] Merge pull request #22978 from aevesdocker/ENGDOCS-2674 build: seo updates --- .../manuals/build/metadata/attestations/sbom.md | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/content/manuals/build/metadata/attestations/sbom.md b/content/manuals/build/metadata/attestations/sbom.md index ffbd5354317d..a272f724446e 100644 --- a/content/manuals/build/metadata/attestations/sbom.md +++ b/content/manuals/build/metadata/attestations/sbom.md @@ -2,15 +2,12 @@ title: SBOM attestations keywords: build, attestations, sbom, spdx, metadata, packages description: | - SBOM build attestations describe the contents of your image, - and the packages used to build it. + SBOM attestations describe what software artifacts an image contains and the artifacts used to create the image. aliases: - /build/attestations/sbom/ --- -Software Bill of Materials (SBOM) attestations describe what software artifacts -an image contains, and artifacts used to create the image. Metadata included in -an SBOM for describing software artifacts may include: +SBOM attestations help ensure [software supply chain transparency](/guides/docker-scout/s3c.md) by verifying the software artifacts an image contains and the artifacts used to create the image. Metadata included in an [SBOM](/guides/docker-scout/sbom.md) for describing software artifacts may include: - Name of the artifact - Version @@ -18,14 +15,9 @@ an SBOM for describing software artifacts may include: - Authors - Unique package identifier -There are benefits to indexing contents of an image during the build, as opposed -to scanning a final image. When scanning happens as part of the build, you're -able to detect software you use to build the image, that may not show up in the -final image. +Indexing the contents of an image during the build has benefits over scanning a final image. When scanning happens as part of the build, you can detect software you used to build the image, which may not show up in the final image. -The SBOMs generated by BuildKit follow the SPDX standard. SBOMs attach to the -final image as a JSON-encoded SPDX document, using the format defined by the -[in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md). +Docker supports SBOM generation and attestation through an SLSA-compliant build process using BuildKit and attestations. The SBOMs generated by [BuildKit](/manuals/build/buildkit/_index.md) follow the SPDX standard and attach to the final image as a JSON-encoded SPDX document, using the format defined by the [in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md). On this page, you’ll learn how to create, manage, and verify SBOM attestations using Docker tooling. ## Create SBOM attestations From ac3914ae010a79f4416725f756d0d532237b5ef4 Mon Sep 17 00:00:00 2001 From: Arthur Date: Wed, 2 Jul 2025 10:46:27 +0200 Subject: [PATCH 2/7] mcp: dedicated MCP hub (#22969) ## Description Update terminology and links in accordance to the new dedicated MCP Hub. Signed-off-by: Craig Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> --- content/manuals/ai/mcp-catalog-and-toolkit/catalog.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md b/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md index 7ab44e7fd15a..7526a7833fb1 100644 --- a/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md +++ b/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md @@ -1,10 +1,10 @@ --- title: Docker MCP Catalog description: Learn about the benefits of the MCP Catalog, how you can use it, and how you can contribute -keywords: docker hub, mcp, mcp servers, ai agents, calatog, docker +keywords: docker hub, mcp, mcp servers, ai agents, catalog, docker --- -The [Docker MCP Catalog](https://hub.docker.com/catalogs/mcp) is a centralized, trusted registry for discovering, sharing, and running MCP-compatible tools. Seamlessly integrated into Docker Hub, it offers verified, versioned, and curated MCP servers packaged as Docker images. The catalog is also available in Docker Desktop. +The [Docker MCP Catalog](https://hub.docker.com/mcp) is a centralized, trusted registry for discovering, sharing, and running MCP-compatible tools. Seamlessly integrated into Docker Hub, it offers verified, versioned, and curated MCP servers packaged as Docker images. The catalog is also available in Docker Desktop. The catalog solves common MCP server challenges: @@ -32,10 +32,11 @@ Each tool in the MCP Catalog is packaged as a Docker image with metadata: - Connect tools to their preferred agents with simple configuration through the [MCP Toolkit](toolkit.md). - Pull and run tools using Docker Desktop or the CLI. -Each catalog entry provides: +Each catalog entry displays: - Tool description and metadata - Version history +- List of tools provided by the MCP server - Example configuration for agent integration ## Use an MCP server from the catalog @@ -44,11 +45,11 @@ To use an MCP server from the catalog, see [MCP toolkit](toolkit.md). ## Contribute an MCP server to the catalog -The MCP server registry is available at https://github.com/docker/mcp-registry. To submit an MCP server: +The MCP server registry is available at https://github.com/docker/mcp-registry. To submit an MCP server, follow the [contributing guidelines](https://github.com/docker/mcp-registry/blob/main/CONTRIBUTING.md). When your pull request is reviewed and approved, your MCP server is available in 24 hours on: - Docker Desktop's [MCP Toolkit feature](toolkit.md) - The [Docker MCP catalog](https://hub.docker.com/mcp) -- The [Docker Hub](https://hub.docker.com/u/mcp) mcp namespace (for MCP servers built by Docker) +- The [Docker Hub](https://hub.docker.com/u/mcp) `mcp` namespace (for MCP servers built by Docker) From 75160e41de550f542dd21b83e3e46b2cc40900e3 Mon Sep 17 00:00:00 2001 From: Arthur Date: Wed, 2 Jul 2025 10:46:48 +0200 Subject: [PATCH 3/7] fix: clarify requirements (#22971) Clarify supported platforms. --------- Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- _vale/Docker/Forbidden.yml | 6 ++++ _vale/config/vocabularies/Docker/accept.txt | 8 +++-- content/manuals/ai/model-runner/_index.md | 35 +++++++++++++++++++++ data/summary.yaml | 2 +- hugo_stats.json | 3 ++ 5 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 _vale/Docker/Forbidden.yml diff --git a/_vale/Docker/Forbidden.yml b/_vale/Docker/Forbidden.yml new file mode 100644 index 000000000000..d8b7a37ae8c9 --- /dev/null +++ b/_vale/Docker/Forbidden.yml @@ -0,0 +1,6 @@ +extends: substitution +message: "Use '%s' instead of '%s'." +level: error +ignorecase: false +swap: + Docker CE: Docker Engine diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index dc57808c91e6..dc911190c3f4 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -1,7 +1,8 @@ (?i)[A-Z]{2,}'?s +Adreno +Aleksandrov Amazon Anchore -Aleksandrov Apple Artifactory Azure @@ -114,6 +115,7 @@ Nginx npm Nutanix Nuxeo +NVIDIA OAuth Okta Ollama @@ -126,8 +128,7 @@ PKG Postgres PowerShell Python -Pyright -pyright +Qualcomm rollback rootful runc @@ -200,6 +201,7 @@ Zsh [Pp]rocfs [Pp]roxied [Pp]roxying +[pP]yright [Rr]eal-time [Rr]egex(es)? [Rr]untimes? diff --git a/content/manuals/ai/model-runner/_index.md b/content/manuals/ai/model-runner/_index.md index faa2f32d74f3..9523b47e8b5b 100644 --- a/content/manuals/ai/model-runner/_index.md +++ b/content/manuals/ai/model-runner/_index.md @@ -40,6 +40,41 @@ with AI models locally. - Run and interact with AI models directly from the command line or from the Docker Desktop GUI - Manage local models and display logs +## Requirements + +Docker Model Runner is supported on the following platforms: + +{{< tabs >}} +{{< tab name="Windows">}} + +Windows(amd64): +- NVIDIA GPUs +- NVIDIA drivers 576.57+ + +Windows(arm64): +- OpenCL for Adreno +- Qualcomm Adreno GPU (6xx series and later) + + > [!NOTE] + > Some llama.cpp features might not be fully supported on the 6xx series. + +{{< /tab >}} +{{< tab name="MacOS">}} + +- Apple Silicon + +{{< /tab >}} +{{< tab name="Linux">}} + +Docker Engine only: + +- Linux CPU & Linux NVIDIA +- NVIDIA drivers 575.57.08+ + +{{< /tab >}} +{{}} + + ## How it works Models are pulled from Docker Hub the first time they're used and stored locally. They're loaded into memory only at runtime when a request is made, and unloaded when not in use to optimize resources. Since models can be large, the initial pull may take some time — but after that, they're cached locally for faster access. You can interact with the model using [OpenAI-compatible APIs](#what-api-endpoints-are-available). diff --git a/data/summary.yaml b/data/summary.yaml index a75b022507ef..596e888c00b5 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -162,7 +162,7 @@ Docker Init: Docker Model Runner: availability: Beta requires: Docker Engine or Docker Desktop (Windows) 4.41+ or Docker Desktop (MacOS) 4.40+ - for: Docker Desktop for Mac with Apple Silicon or Windows with NVIDIA GPUs + for: See Requirements section below Docker Projects: availability: Beta Docker Scout exceptions: diff --git a/hugo_stats.json b/hugo_stats.json index 9748c47ca59c..8ce431cd9033 100644 --- a/hugo_stats.json +++ b/hugo_stats.json @@ -84,6 +84,7 @@ "Mac-and-Linux", "Mac-with-Apple-silicon", "Mac-with-Intel-chip", + "MacOS", "Manually-create-assets", "NetworkManager", "Networking-mode", @@ -110,7 +111,9 @@ "Run-Ollama-in-a-container", "Run-Ollama-outside-of-a-container", "Rust", + "Separate-containers", "Shell-script", + "Single-container", "Specific-version", "Svelte", "Ubuntu", From a46cdb485de49b5946d46c0e8c65a7c12cffb6c8 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Wed, 2 Jul 2025 10:45:17 +0100 Subject: [PATCH 4/7] Compose freshness: startup order, profiles, lifecycle hooks, project name (#22949) ## Description Freshness to a few how-tos pages. also fixes and closes https://github.com/docker/docs/issues/21417 ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/manuals/compose/how-tos/lifecycle.md | 4 +- content/manuals/compose/how-tos/profiles.md | 74 ++++--------------- .../manuals/compose/how-tos/project-name.md | 6 +- .../manuals/compose/how-tos/startup-order.md | 6 +- 4 files changed, 22 insertions(+), 68 deletions(-) diff --git a/content/manuals/compose/how-tos/lifecycle.md b/content/manuals/compose/how-tos/lifecycle.md index d60a942d9691..5857539c161d 100644 --- a/content/manuals/compose/how-tos/lifecycle.md +++ b/content/manuals/compose/how-tos/lifecycle.md @@ -2,8 +2,8 @@ title: Using lifecycle hooks with Compose linkTitle: Use lifecycle hooks weight: 20 -desription: How to use lifecycle hooks with Docker Compose -keywords: cli, compose, lifecycle, hooks reference +description: Learn how to use Docker Compose lifecycle hooks like post_start and pre_stop to customize container behavior. +keywords: docker compose lifecycle hooks, post_start, pre_stop, docker compose entrypoint, docker container stop hooks, compose hook commands --- {{< summary-bar feature_name="Compose lifecycle hooks" >}} diff --git a/content/manuals/compose/how-tos/profiles.md b/content/manuals/compose/how-tos/profiles.md index 5d90153606b1..13d472e5dc39 100644 --- a/content/manuals/compose/how-tos/profiles.md +++ b/content/manuals/compose/how-tos/profiles.md @@ -85,6 +85,12 @@ If you want to enable all profiles at the same time, you can run `docker compose ## Auto-starting profiles and dependency resolution +When you explicitly target a service on the command line that has one or more profiles assigned, you do not need to enable the profile manually as Compose runs that service regardless of whether its profile is activated. This is useful for running one-off services or debugging tools. + +Only the targeted service (and any of its declared dependencies via `depends_on`) is started. Other services that share the same profile will not be started unless: +- They are also explicitly targeted, or +- The profile is explicitly enabled using `--profile` or `COMPOSE_PROFILES`. + When a service with assigned `profiles` is explicitly targeted on the command line its profiles are started automatically so you don't need to start them manually. This can be used for one-off services and debugging tools. @@ -108,72 +114,19 @@ services: ``` ```sh -# Only start backend and db +# Only start backend and db (no profiles involved) $ docker compose up -d -# This runs db-migrations (and, if necessary, start db) -# by implicitly enabling the profiles "tools" +# Run the db-migrations service without manually enabling the 'tools' profile $ docker compose run db-migrations ``` -But keep in mind that `docker compose` only automatically starts the -profiles of the services on the command line and not of any dependencies. - -This means that any other services the targeted service `depends_on` should either: -- Share a common profile -- Always be started, by omitting `profiles` or having a matching profile started explicitly - -```yaml -services: - web: - image: web - - mock-backend: - image: backend - profiles: ["dev"] - depends_on: - - db - - db: - image: mysql - profiles: ["dev"] - - phpmyadmin: - image: phpmyadmin - profiles: ["debug"] - depends_on: - - db -``` - -```sh -# Only start "web" -$ docker compose up -d - -# Start mock-backend (and, if necessary, db) -# by implicitly enabling profiles "dev" -$ docker compose up -d mock-backend - -# This fails because profiles "dev" is not enabled -$ docker compose up phpmyadmin -``` - -Although targeting `phpmyadmin` automatically starts the profiles `debug`, it doesn't automatically start the profiles required by `db` which is `dev`. +In this example, `db-migrations` runs even though it is assigned to the tools profile, because it was explicitly targeted. The `db` service is also started automatically because it is listed in `depends_on`. -To fix this you either have to add the `debug` profile to the `db` service: - -```yaml -db: - image: mysql - profiles: ["debug", "dev"] -``` - -or start the `dev` profile explicitly: - -```console -# Profiles "debug" is started automatically by targeting phpmyadmin -$ docker compose --profile dev up phpmyadmin -$ COMPOSE_PROFILES=dev docker compose up phpmyadmin -``` +If the targeted service has dependencies that are also gated behind a profile, you must ensure those dependencies are either: + - In the same profile + - Started separately + - Not assigned to any profile so are always enabled ## Stop application and services with specific profiles @@ -208,6 +161,7 @@ services: ``` if you only want to stop the `phpmyadmin` service, you can run + ```console $ docker compose down phpmyadmin ``` diff --git a/content/manuals/compose/how-tos/project-name.md b/content/manuals/compose/how-tos/project-name.md index 18372aa7cc5e..37aabdcaa5bd 100644 --- a/content/manuals/compose/how-tos/project-name.md +++ b/content/manuals/compose/how-tos/project-name.md @@ -1,20 +1,20 @@ --- title: Specify a project name weight: 10 -description: Understand the different ways you can set a project name in Compose and what the precedence is. +description: Learn how to set a custom project name in Compose and understand the precedence of each method. keywords: name, compose, project, -p flag, name top-level element aliases: - /compose/project-name/ --- -In Compose, the default project name is derived from the base name of the project directory. However, you have the flexibility to set a custom project name. +By default, Compose assigns the project name based on the name of the directory that contains the Compose file. You can override this with several methods. This page offers examples of scenarios where custom project names can be helpful, outlines the various methods to set a project name, and provides the order of precedence for each approach. > [!NOTE] > > The default project directory is the base directory of the Compose file. A custom value can also be set -> for it using the [`--project-directory` command line option](/reference/cli/docker/compose.md#use--p-to-specify-a-project-name). +> for it using the [`--project-directory` command line option](/reference/cli/docker/compose.md#options). ## Example use cases diff --git a/content/manuals/compose/how-tos/startup-order.md b/content/manuals/compose/how-tos/startup-order.md index 2234fff15690..1d55fd5ee14d 100644 --- a/content/manuals/compose/how-tos/startup-order.md +++ b/content/manuals/compose/how-tos/startup-order.md @@ -1,6 +1,6 @@ --- -description: How to control service startup and shutdown order in Docker Compose -keywords: documentation, docs, docker, compose, startup, shutdown, order +description: Learn how to manage service startup and shutdown order in Docker Compose using depends_on and healthchecks. +keywords: docker compose startup order, compose shutdown order, depends_on, service healthcheck, control service dependencies title: Control startup and shutdown order in Compose linkTitle: Control startup order weight: 30 @@ -13,7 +13,7 @@ You can control the order of service startup and shutdown with the containers in dependency order, where dependencies are determined by `depends_on`, `links`, `volumes_from`, and `network_mode: "service:..."`. -A good example of when you might use this is an application which needs to access a database. If both services are started with `docker compose up`, there is a chance this will fail since the application service might start before the database service and won't find a database able to handle its SQL statements. +For example, if your application needs to access a database and both services are started with `docker compose up`, there is a chance this will fail since the application service might start before the database service and won't find a database able to handle its SQL statements. ## Control startup From f45316b3ae95d58e2b34440bb2935fa8658e6df8 Mon Sep 17 00:00:00 2001 From: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> Date: Wed, 2 Jul 2025 06:29:10 -0700 Subject: [PATCH 5/7] dhi: add fips variants (#22873) ## Description Add FIPS variants to DHI docs https://deploy-preview-22873--docsdocker.netlify.app/dhi/core-concepts/fips/ https://deploy-preview-22873--docsdocker.netlify.app/dhi/about/available/#fips-variants ## Related issues or tickets ENGDOCS-2734 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review Signed-off-by: Craig --- content/manuals/dhi/about/available.md | 23 ++++- content/manuals/dhi/core-concepts/_index.md | 4 + content/manuals/dhi/core-concepts/fips.md | 108 ++++++++++++++++++++ content/manuals/dhi/how-to/explore.md | 1 + 4 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 content/manuals/dhi/core-concepts/fips.md diff --git a/content/manuals/dhi/about/available.md b/content/manuals/dhi/about/available.md index 84219f7f625c..269b6eaeedb6 100644 --- a/content/manuals/dhi/about/available.md +++ b/content/manuals/dhi/about/available.md @@ -70,4 +70,25 @@ in a secure build environment and deploy it using a lean runtime image. For example, you might find tags like the following in a DHI repository: - `3.9.23-debian12`: runtime image for Python 3.9.23 -- `3.9.23-debian12-dev`: development image for Python 3.9.23 \ No newline at end of file +- `3.9.23-debian12-dev`: development image for Python 3.9.23 + +## FIPS variants + +Some Docker Hardened Images include a `-fips` variant. These variants use +cryptographic modules that have been validated under [FIPS +140](../core-concepts/fips.md), a U.S. government standard for secure +cryptographic operations. + +FIPS variants are designed to help organizations meet regulatory and compliance +requirements related to cryptographic use in sensitive or regulated +environments. + +You can recognize FIPS variants by their tag that includes `-fips`. + +For example: +- `3.13-fips`: FIPS variant of the Python 3.13 image +- `3.9.23-debian12-fips`: FIPS variant of the Debian-based Python 3.9.23 image + +FIPS variants can be used in the same way as any other Docker Hardened Image and +are ideal for teams operating in regulated industries or under compliance +frameworks that require cryptographic validation. diff --git a/content/manuals/dhi/core-concepts/_index.md b/content/manuals/dhi/core-concepts/_index.md index 369f77fb8881..fd098701864b 100644 --- a/content/manuals/dhi/core-concepts/_index.md +++ b/content/manuals/dhi/core-concepts/_index.md @@ -20,6 +20,10 @@ params: description: Learn how build provenance metadata helps trace the origin of Docker Hardened Images and support compliance with SLSA. icon: track_changes link: /dhi/core-concepts/provenance/ + - title: FIPS + description: Learn how Docker Hardened Images support FIPS 140 by using validated cryptographic modules and providing signed attestations for compliance audits. + icon: verified + link: /dhi/core-concepts/fips/ grid_concepts_risk: - title: Common Vulnerabilities and Exposures (CVEs) diff --git a/content/manuals/dhi/core-concepts/fips.md b/content/manuals/dhi/core-concepts/fips.md new file mode 100644 index 000000000000..4b67a57c545e --- /dev/null +++ b/content/manuals/dhi/core-concepts/fips.md @@ -0,0 +1,108 @@ +--- +title: FIPS +description: Learn how Docker Hardened Images support FIPS 140 through validated cryptographic modules to help organizations meet compliance requirements. +keywords: docker fips, fips 140 images, fips docker images, docker compliance, secure container images +--- + +## What is FIPS 140? + +[FIPS 140](https://csrc.nist.gov/publications/detail/fips/140/3/final) is a U.S. +government standard that defines security requirements for cryptographic modules +that protect sensitive information. It is widely used in regulated environments +such as government, healthcare, and financial services. + +FIPS certification is managed by the [NIST Cryptographic Module Validation +Program +(CMVP)](https://csrc.nist.gov/projects/cryptographic-module-validation-program), +which ensures cryptographic modules meet rigorous security standards. + +## Why FIPS compliance matters + +FIPS 140 compliance is required or strongly recommended in many regulated +environments where sensitive data must be protected, such as government, +healthcare, finance, and defense. These standards ensure that cryptographic +operations are performed using vetted, trusted algorithms implemented in secure +modules. + +Using software components that rely on validated cryptographic modules can help organizations: + +- Satisfy federal and industry mandates, such as FedRAMP, which require or + strongly recommend FIPS 140-validated cryptography. +- Demonstrate audit readiness, with verifiable evidence of secure, + standards-based cryptographic practices. +- Reduce security risk, by blocking unapproved or unsafe algorithms (e.g., MD5) + and ensuring consistent behavior across environments. + +## How Docker Hardened Images support FIPS compliance + +Docker Hardened Images (DHIs) include variants that use cryptographic modules +validated under FIPS 140. These images are intended to help organizations meet +compliance requirements by incorporating components that meet the standard. + +- FIPS image variants use cryptographic modules that are already validated under + FIPS 140. +- These variants are built and maintained by Docker to support environments with + regulatory or compliance needs. +- Docker provides signed test attestations that document the use of validated + cryptographic modules. These attestations can support internal audits and + compliance reporting. + +> [!NOTE] +> +> Using a FIPS image variant helps meet compliance requirements but does not +> make an application or system fully compliant. Compliance depends on how the +> image is integrated and used within the broader system. + +## Identify images that support FIPS + +Docker Hardened Images that support FIPS are marked as **FIPS** compliant +in the Docker Hardened Images catalog. + +To find DHI repositories with FIPS image variants, [explore images](../how-to/explore.md) and: + +- Use the **FIPS** filter on the catalog page +- Look for **FIPS** compliant on individual image listings + +These indicators help you quickly locate repositories that support FIPS-based +compliance needs. Image variants that include FIPS support will have a tag +ending with `-fips`, such as `3.13-fips`. + +## Validate FIPS-related tests using attestations + +Docker Hardened Images include a signed [test +attestation](../core-concepts/attestations.md) that documents the results of +automated image validation. For FIPS variants, this includes test cases that +verify whether the image uses FIPS-validated cryptographic modules. + +You can retrieve and inspect this attestation using the Docker Scout CLI: + +```console +$ docker scout attest get \ + --predicate-type https://scout.docker.com/tests/v0.1 \ + --predicate \ + /dhi-: --platform +``` + +For example: + +```console +$ docker scout attest get \ + --predicate-type https://scout.docker.com/tests/v0.1 \ + --predicate \ + docs/dhi-python:3.13-fips --platform linux/amd64 +``` + +The output is a structured JSON report. Individual test outputs are +base64-encoded under fields like `stdout`. You can decode them to review the raw +test output. + +To decode and view test results: + +```console +$ docker scout attest get \ + --predicate-type https://scout.docker.com/tests/v0.1 \ + --predicate \ + docs/dhi-python:3.13-fips --platform linux/amd64 \ + | jq -r '.results.tests[].extra.stdout' \ + | base64 -d +``` \ No newline at end of file diff --git a/content/manuals/dhi/how-to/explore.md b/content/manuals/dhi/how-to/explore.md index b1f4df1e59c2..a023ff99abf8 100644 --- a/content/manuals/dhi/how-to/explore.md +++ b/content/manuals/dhi/how-to/explore.md @@ -74,6 +74,7 @@ To explore image variants: The **Tags** page provides the following information: - Tags: A list of all available tags, also known as image variants. +- Compliance: Lists relevant compliance designations. For example, `FIPS`. - Distribution: The distribution that the variant is based on. For example, `debian 12` or `alpine 3.21`. - Package manager: The package manager that is available in the variant. For example, `apt`, `apk`, or `-` (no package manager). - Shell: The shell that is available in the variant. For example, `bash`, `busybox`, or `-` (no shell). From 5b9334723ae5c99e13ffbd191c65f7954633a3ac Mon Sep 17 00:00:00 2001 From: Sal Sal Date: Wed, 2 Jul 2025 10:25:18 -0400 Subject: [PATCH 6/7] Update install.md - Trivial typo in installation instructions (#22952) Trivial typo in installation instructions --- content/manuals/scout/install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/scout/install.md b/content/manuals/scout/install.md index 078f5db791a8..72a20e15113e 100644 --- a/content/manuals/scout/install.md +++ b/content/manuals/scout/install.md @@ -76,7 +76,7 @@ $ sh install-scout.sh 5. Authorize the binary to be executable on macOS: ```console - xattr -d com.apple.quarantine $HOME/.docker/scout/docker-scout. + xattr -d com.apple.quarantine $HOME/.docker/scout/docker-scout ``` 6. Add the `scout` subdirectory to your `.docker/config.json` as a plugin directory: From bd60c50186976c39c0d9c321be6d6e50f42f1a84 Mon Sep 17 00:00:00 2001 From: Gurleen Sethi Date: Wed, 2 Jul 2025 10:44:31 -0400 Subject: [PATCH 7/7] Add doc for creating OATs with public access (#22948) ## Description ## Related issues or tickets https://docker.atlassian.net/browse/IAM-1301 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/reference/api/hub/latest.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/reference/api/hub/latest.yaml b/content/reference/api/hub/latest.yaml index 681870cc93df..75e3c7812bd5 100644 --- a/content/reference/api/hub/latest.yaml +++ b/content/reference/api/hub/latest.yaml @@ -927,7 +927,6 @@ paths: "404": $ref: "#/components/responses/NotFound" - /v2/orgs/{org_name}/members: parameters: - $ref: "#/components/parameters/org_name" @@ -3020,7 +3019,10 @@ components: path: type: string example: "myorg/myrepo" - description: The path of the resource. The format of this will change depending on the type of resource. + description: | + The path of the resource. The format of this will change depending on the type of resource. + + To reference public repositories, use `*/*/public` as the path value. required: true scopes: type: array