From a006e79d448eb069fed303181bc84c38607b842e Mon Sep 17 00:00:00 2001 From: Craig Date: Wed, 6 Aug 2025 09:52:34 -0700 Subject: [PATCH] dhi: minor wording updates Signed-off-by: Craig --- content/manuals/dhi/core-concepts/digests.md | 10 +++++----- content/manuals/dhi/core-concepts/distroless.md | 7 ++++++- content/manuals/dhi/core-concepts/hardening.md | 8 +++++++- content/manuals/dhi/core-concepts/sbom.md | 4 +++- content/manuals/dhi/how-to/verify.md | 2 +- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/content/manuals/dhi/core-concepts/digests.md b/content/manuals/dhi/core-concepts/digests.md index 84a9f953a32b..27bdc244b45d 100644 --- a/content/manuals/dhi/core-concepts/digests.md +++ b/content/manuals/dhi/core-concepts/digests.md @@ -1,5 +1,5 @@ --- -title: Digests +title: Image digests description: Learn how Docker Hardened Images help secure every stage of your software supply chain with signed metadata, provenance, and minimal attack surface. keywords: docker image digest, pull image by digest, immutable container image, secure container reference, multi-platform manifest --- @@ -21,9 +21,9 @@ sha256:94a00394bc5a8ef503fb59db0a7d0ae9e1110866e8aee8ba40cd864cea69ea1a This digest uniquely identifies the specific version of the `nginx:latest` image, ensuring that any changes to the image content result in a different digest. -## Why are digests important? +## Why are image digests important? -Using digests instead of tags offers several advantages: +Using image digests instead of tags offers several advantages: - Immutability: Once an image is built and its digest is generated, the content tied to that digest cannot change. This means that if you pull an image using 
@@ -40,7 +40,7 @@ Using digests instead of tags offers several advantages: ## Docker Hardened Image digests -By using digests to reference DHIs, you can ensure that your applications are +By using image digests to reference DHIs, you can ensure that your applications are always using the exact same secure image version, enhancing security and compliance @@ -48,7 +48,7 @@ compliance ### Use the Docker CLI -To view the digest of a Docker image, you can use the following command. Replace +To view the image digest of a Docker image, you can use the following command. Replace `:` with the image name and tag. ```console diff --git a/content/manuals/dhi/core-concepts/distroless.md b/content/manuals/dhi/core-concepts/distroless.md index 618a02b4c245..4dfc0c4773ca 100644 --- a/content/manuals/dhi/core-concepts/distroless.md +++ b/content/manuals/dhi/core-concepts/distroless.md @@ -10,7 +10,12 @@ Minimal images, sometimes called distroless images, are container images stripped of unnecessary components such as package managers, shells, or even the underlying operating system distribution. Docker Hardened Images (DHI) embrace this minimal approach to reduce vulnerabilities and enforce secure software -delivery. +delivery. [Docker Official +Images](../../docker-hub/image-library/trusted-content.md#docker-official-images) +and [Docker Verified Publisher +Images](../../docker-hub/image-library/trusted-content.md#verified-publisher-images) +follow similar best practices for minimalism and security but may not be as +stripped down to ensure compatibility with a wider range of use cases. ### What are minimal or distroless images? diff --git a/content/manuals/dhi/core-concepts/hardening.md b/content/manuals/dhi/core-concepts/hardening.md index 185226cb3473..3a9baae4939d 100644 --- a/content/manuals/dhi/core-concepts/hardening.md +++ b/content/manuals/dhi/core-concepts/hardening.md 
@@ -15,7 +15,13 @@ surface, making it more difficult for an attacker to gain control or escalate privileges inside the container. Hardening also involves applying best practices like running as a non-root user, -reducing writable surfaces, and ensuring consistency through immutability. +reducing writable surfaces, and ensuring consistency through immutability. While +[Docker Official +Images](../../docker-hub/image-library/trusted-content.md#docker-official-images) +and [Docker Verified Publisher +Images](../../docker-hub/image-library/trusted-content.md#verified-publisher-images) +follow best practices for security, they may not be as hardened as Docker +Hardened Images, as they are designed to support a broader range of use cases. ## Why is it important? diff --git a/content/manuals/dhi/core-concepts/sbom.md b/content/manuals/dhi/core-concepts/sbom.md index 18c6dd876570..00f6b7536fd6 100644 --- a/content/manuals/dhi/core-concepts/sbom.md +++ b/content/manuals/dhi/core-concepts/sbom.md @@ -89,4 +89,6 @@ $ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \ ## Resources For more details about SBOM attestations and Docker Build, see [SBOM -attestations](/build/metadata/attestations/sbom/). \ No newline at end of file +attestations](/build/metadata/attestations/sbom/). + +To learn more about Docker Scout and working with SBOMs, see [Docker Scout SBOMs](../../scout/how-tos/view-create-sboms.md). \ No newline at end of file diff --git a/content/manuals/dhi/how-to/verify.md b/content/manuals/dhi/how-to/verify.md index 8b305afcaa81..f5c79273ca73 100644 --- a/content/manuals/dhi/how-to/verify.md +++ b/content/manuals/dhi/how-to/verify.md 
@@ -20,7 +20,7 @@ Docker's public key for DHI images is published at: ## Verify attestations with Docker Scout -You can use the Docker Scout CLI to list and retrieve attestations for Docker +You can use the [Docker Scout](/scout/) CLI to list and retrieve attestations for Docker Hardened Images, including images mirrored into your organization's namespace. > [!NOTE]
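Review bot: in the front-matter hunk of digests.md, the title becomes "Image digests" but the unchanged `description:` line still talks about securing "every stage of your software supply chain with signed metadata, provenance, and minimal attack surface" and never mentions digests. Since this hunk already touches the front matter, consider updating the description to say what the page covers (pulling and pinning images by digest), so the title, description and keywords agree.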
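Review bot: in the "Use the Docker CLI" hunk of digests.md, the new wording "To view the image digest of a Docker image" repeats "image" without adding meaning; "To view the digest of a Docker image" reads more cleanly and is still unambiguous under the new page title. That added line, and "By using image digests to reference DHIs, you can ensure that your applications are" in the hunk before it, are also longer than the wrapped lines around them and should be rewrapped.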
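Review bot: in the distroless.md hunk, "may not be as stripped down to ensure compatibility with a wider range of use cases" has no comparator after "as stripped down", and "to ensure" can be read as the purpose of stripping rather than the reason for not stripping. Suggest something like "but may not be as stripped down as Docker Hardened Images, because they need to stay compatible with a wider range of use cases". Please also confirm that both anchors resolve in trusted-content.md: one is `#docker-official-images` and the other is `#verified-publisher-images`, without the `docker-` prefix.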
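Review bot: in the hardening.md hunk, "they may not be as hardened as Docker Hardened Images" leaves the reader guessing which properties differ. The sentence it is appended to names running as a non-root user, reduced writable surfaces and immutability; saying which of those may not hold for Docker Official Images and Docker Verified Publisher Images would make the comparison actionable. The wording also drifts from the parallel sentence added to distroless.md ("follow similar best practices for minimalism and security" there, "follow best practices for security" here); aligning the two would help.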
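Review bot: in the sbom.md hunk, the file still ends with "\ No newline at end of file" after the added "To learn more about Docker Scout ..." line, so the missing trailing newline is carried forward instead of fixed; please end the file with a newline. The new link also uses a relative source path (`../../scout/how-tos/view-create-sboms.md`) while the link directly above it in the same section uses a site-absolute path (`/build/metadata/attestations/sbom/`), and the added line is not wrapped like the paragraph before it.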
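Review bot: in the verify.md hunk, adding the `[Docker Scout](/scout/)` link pushes the changed line well past the length of the following line ("Hardened Images, including images mirrored into your organization's namespace."); please rewrap the paragraph. The link here is site-absolute (`/scout/`) while the Scout link added to sbom.md in this same patch is a relative `.md` path, so pick one style for both.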