docker · craig-osterhout · Aug 7, 2025 · Aug 6, 2025
@@ -1,5 +1,5 @@
 ---
-title: Digests
+title: Image digests
 description: Learn how Docker Hardened Images help secure every stage of your software supply chain with signed metadata, provenance, and minimal attack surface.
 keywords: docker image digest, pull image by digest, immutable container image, secure container reference, multi-platform manifest
 ---
@@ -21,9 +21,9 @@ sha256:94a00394bc5a8ef503fb59db0a7d0ae9e1110866e8aee8ba40cd864cea69ea1a
 This digest uniquely identifies the specific version of the `nginx:latest` image,
 ensuring that any changes to the image content result in a different digest.
 
-## Why are digests important?
+## Why are image digests important?
 
-Using digests instead of tags offers several advantages:
+Using image digests instead of tags offers several advantages:
 
 - Immutability: Once an image is built and its digest is generated, the content
   tied to that digest cannot change. This means that if you pull an image using
@@ -40,15 +40,15 @@ Using digests instead of tags offers several advantages:
 
 ## Docker Hardened Image digests
 
-By using digests to reference DHIs, you can ensure that your applications are
+By using image digests to reference DHIs, you can ensure that your applications are
 always using the exact same secure image version, enhancing security and
 compliance
 
 ## View an image digest
 
 ### Use the Docker CLI
 
-To view the digest of a Docker image, you can use the following command. Replace
+To view the image digest of a Docker image, you can use the following command. Replace
 `<image-name>:<tag>` with the image name and tag.
 
 ```console

@@ -10,7 +10,12 @@ Minimal images, sometimes called distroless images, are container images
 stripped of unnecessary components such as package managers, shells, or even the
 underlying operating system distribution. Docker Hardened Images (DHI) embrace
 this minimal approach to reduce vulnerabilities and enforce secure software
-delivery.
+delivery. [Docker Official
+Images](../../docker-hub/image-library/trusted-content.md#docker-official-images)
+and [Docker Verified Publisher
+Images](../../docker-hub/image-library/trusted-content.md#verified-publisher-images)
+follow similar best practices for minimalism and security but may not be as
+stripped down to ensure compatibility with a wider range of use cases.
 
 ### What are minimal or distroless images?
 

@@ -15,7 +15,13 @@ surface, making it more difficult for an attacker to gain control or escalate
 privileges inside the container.
 
 Hardening also involves applying best practices like running as a non-root user,
-reducing writable surfaces, and ensuring consistency through immutability.
+reducing writable surfaces, and ensuring consistency through immutability. While
+[Docker Official
+Images](../../docker-hub/image-library/trusted-content.md#docker-official-images)
+and [Docker Verified Publisher
+Images](../../docker-hub/image-library/trusted-content.md#verified-publisher-images)
+follow best practices for security, they may not be as hardened as Docker
+Hardened Images, as they are designed to support a broader range of use cases.
 
 ## Why is it important?
 

@@ -89,4 +89,6 @@ $ docker scout attest get docs/dhi-node:20.19-debian12-fips-20250701182639 \
 ## Resources
 
 For more details about SBOM attestations and Docker Build, see [SBOM
-attestations](/build/metadata/attestations/sbom/).
+attestations](/build/metadata/attestations/sbom/).
+
+To learn more about Docker Scout and working with SBOMs, see [Docker Scout SBOMs](../../scout/how-tos/view-create-sboms.md).
@@ -20,7 +20,7 @@ Docker's public key for DHI images is published at:
 
 ## Verify attestations with Docker Scout
 
-You can use the Docker Scout CLI to list and retrieve attestations for Docker
+You can use the [Docker Scout](/scout/) CLI to list and retrieve attestations for Docker
 Hardened Images, including images mirrored into your organization's namespace.
 
 > [!NOTE]