From cd675854b3b97eb8066b7f3fbb8b3f94548d2fdf Mon Sep 17 00:00:00 2001 From: Craig Osterhout Date: Wed, 1 Apr 2026 10:21:14 -0700 Subject: [PATCH 1/2] dhi: refresh explore topic Signed-off-by: Craig Osterhout --- content/guides/dhi-backstage.md | 2 +- content/manuals/dhi/core-concepts/cis.md | 2 +- content/manuals/dhi/core-concepts/fips.md | 2 +- content/manuals/dhi/core-concepts/stig.md | 2 +- content/manuals/dhi/get-started.md | 6 +- content/manuals/dhi/how-to/_index.md | 15 +- content/manuals/dhi/how-to/compare.md | 193 ---------------- content/manuals/dhi/how-to/explore.md | 216 ++++++++++++------ .../manuals/dhi/how-to/select-enterprise.md | 2 +- content/manuals/dhi/how-to/use.md | 2 +- content/manuals/dhi/how-to/verify.md | 2 +- content/manuals/dhi/troubleshoot.md | 6 +- 12 files changed, 159 insertions(+), 291 deletions(-) delete mode 100644 content/manuals/dhi/how-to/compare.md diff --git a/content/guides/dhi-backstage.md b/content/guides/dhi-backstage.md index 06926e48bdd4..de90fa771b77 100644 --- a/content/guides/dhi-backstage.md +++ b/content/guides/dhi-backstage.md @@ -479,5 +479,5 @@ Different scanners detect different issues. Running all three gives you the most - [Create and build a DHI](/dhi/how-to/build/) — learn how to write a DHI definition file, build images locally. - [Use the DHI CLI](/dhi/how-to/cli/) — manage DHI images, mirrors, and customizations from the command line. - [Migrate to DHI](/dhi/migration/) — for applications that work with standard DHI images without additional packages. -- [Compare images](/dhi/how-to/compare/) — evaluate security improvements between your original and hardened images. +- [Compare images](/dhi/how-to/explore/#compare-images-using-docker-scout) — evaluate security improvements between your original and hardened images. - [Docker Debug](/dhi/how-to/debug/) — troubleshoot distroless containers that have no shell. diff --git a/content/manuals/dhi/core-concepts/cis.md b/content/manuals/dhi/core-concepts/cis.md index 426f85136ca2..0298a140655e 100644 --- a/content/manuals/dhi/core-concepts/cis.md +++ b/content/manuals/dhi/core-concepts/cis.md @@ -46,7 +46,7 @@ from the benchmark more quickly and confidently. ## Identify CIS-compliant images CIS-compliant images are labeled as **CIS** in the Docker Hardened Images catalog. -To find them, [explore images](../how-to/explore.md) and look for the **CIS** +To find them, [search the catalog](../how-to/explore.md) and look for the **CIS** designation on individual listings. ## Get the benchmark diff --git a/content/manuals/dhi/core-concepts/fips.md b/content/manuals/dhi/core-concepts/fips.md index 594d968db7b2..2b1f3f709ff4 100644 --- a/content/manuals/dhi/core-concepts/fips.md +++ b/content/manuals/dhi/core-concepts/fips.md @@ -63,7 +63,7 @@ compliance requirements by incorporating components that meet the standard. Docker Hardened Images that support FIPS are marked as **FIPS** compliant in the Docker Hardened Images catalog. -To find DHI repositories with FIPS image variants, [explore images](../how-to/explore.md) and: +To find DHI repositories with FIPS image variants, [search the catalog](../how-to/explore.md) and: - Use the **FIPS** filter on the catalog page - Look for **FIPS** compliant on individual image listings diff --git a/content/manuals/dhi/core-concepts/stig.md b/content/manuals/dhi/core-concepts/stig.md index 4b2e8cb22842..632654054637 100644 --- a/content/manuals/dhi/core-concepts/stig.md +++ b/content/manuals/dhi/core-concepts/stig.md @@ -58,7 +58,7 @@ Docker Hardened Images that include STIG scan results are labeled as **STIG** in the Docker Hardened Images catalog. To find DHI repositories with STIG image variants, [explore -images](../how-to/explore.md) and: +images](../how-to/explore.md#image-variants) and: - Use the **STIG** filter on the catalog page - Look for **STIG** labels on individual image listings diff --git a/content/manuals/dhi/get-started.md b/content/manuals/dhi/get-started.md index ce84c6dfc1a0..fb87c667d38d 100644 --- a/content/manuals/dhi/get-started.md +++ b/content/manuals/dhi/get-started.md @@ -30,8 +30,8 @@ Docker account, pull and run an image, and compare it with a Docker Official Ima `node`, or `golang`). For this example, search for `python`. 3. Select the Python repository to view its details. -Continue to the next step to pull and run the image. To dive deeper into exploring -images see [Explore Docker Hardened Images](./how-to/explore.md). +Continue to the next step to pull and run the image. To dive deeper into searching +and evaluating images, see [Search and evaluate Docker Hardened Images](./how-to/explore.md). ## Step 2: Pull and run the image @@ -131,7 +131,7 @@ This comparison shows that the Docker Hardened Image: - Reduces size: From 412 MB down to 35 MB (91% reduction) - Minimizes packages: From 610 packages down to 80 (87% reduction) -To dive deeper into comparing images see [Compare Docker Hardened Images](./how-to/compare.md). +To dive deeper into comparing images see [Search and evaluate Docker Hardened Images](./how-to/explore.md#compare-images). ## What's next diff --git a/content/manuals/dhi/how-to/_index.md b/content/manuals/dhi/how-to/_index.md index 9c1b52f6eeb8..ee04a6de5bcf 100644 --- a/content/manuals/dhi/how-to/_index.md +++ b/content/manuals/dhi/how-to/_index.md @@ -4,7 +4,7 @@ description: Step-by-step guidance for working with Docker Hardened Images, from weight: 20 params: grid_discover: - - title: Explore Docker Hardened Images + - title: Search and evaluate Docker Hardened Images description: Learn how to find and evaluate image repositories, variants, metadata, and attestations in the DHI catalog on Docker Hub. icon: travel_explore link: /dhi/how-to/explore/ @@ -49,11 +49,6 @@ params: description: Learn how to manage your mirrored and customized Docker Hardened Images in your organization. icon: reorder link: /dhi/how-to/manage/ - grid_evaluate: - - title: Compare Docker Hardened Images - description: Learn how to compare Docker Hardened Images with other container images to evaluate security improvements and differences. - icon: compare - link: /dhi/how-to/compare/ grid_verify: - title: Verify a Docker Hardened Image or chart description: Use Docker Scout or cosign to verify signed attestations like SBOMs, provenance, and vulnerability data for Docker Hardened Images and charts. @@ -101,14 +96,6 @@ Mirror trusted images, customize as needed, and integrate into your workflows. items="grid_adopt" >}} -## Evaluate - -Compare with other images to understand security improvements. - -{{< grid - items="grid_evaluate" ->}} - ## Verify Check signatures, SBOMs, and provenance, and scan for vulnerabilities. diff --git a/content/manuals/dhi/how-to/compare.md b/content/manuals/dhi/how-to/compare.md deleted file mode 100644 index f39577d5ecc6..000000000000 --- a/content/manuals/dhi/how-to/compare.md +++ /dev/null @@ -1,193 +0,0 @@ ---- -title: Compare Docker Hardened Images -linktitle: Compare images -description: Learn how to compare Docker Hardened Images with other container images to evaluate security improvements and differences. -keywords: compare docker images, docker scout compare, image comparison, vulnerability comparison, security comparison -weight: 40 ---- - -Docker Hardened Images (DHIs) are designed to provide enhanced security, -minimized attack surfaces, and production-ready foundations for your -applications. Comparing a DHI to a standard image helps you understand the -security improvements, package differences, and overall benefits of adopting -hardened images. - -This page explains how to use Docker Scout to compare a Docker Hardened Image -with another image, such as a Docker Official Image (DOI) or a custom image, to -evaluate differences in vulnerabilities, packages, and configurations. - -## Compare images using Docker Scout - -Docker Scout provides a built-in comparison feature that lets you analyze the -differences between two images. This is useful for: - -- Evaluating the security improvements when migrating from a standard image to a - DHI -- Understanding package and vulnerability differences between image variants -- Assessing the impact of customizations or updates - -### Basic comparison - -To compare a Docker Hardened Image with another image, use the [`docker scout -compare`](/reference/cli/docker/scout/compare/) command: - -```console -$ docker scout compare dhi.io/: \ - --to : \ - --platform -``` - -For example, to compare a DHI Node.js image with the official Node.js image: - -```console -$ docker scout compare dhi.io/node:22-debian13 \ - --to node:22 \ - --platform linux/amd64 -``` - -This command provides a detailed comparison including: - -- Vulnerability differences (CVEs added, removed, or changed) -- Package differences (packages added, removed, or updated) -- Overall security posture improvements - -### Filter unchanged packages - -To focus only on the differences and ignore unchanged packages, use the -`--ignore-unchanged` flag: - -```console -$ docker scout compare dhi.io/node:22-debian13 \ - --to node:22 \ - --platform linux/amd64 \ - --ignore-unchanged -``` - -This output highlights only the packages and vulnerabilities that differ between -the two images, making it easier to identify the security improvements and -changes. - -### Show overview only - -For a concise overview of the comparison results, you can extract just the -overview section using standard shell tools: - -```console -$ docker scout compare dhi.io/node:22-debian13 \ - --to node:22 \ - --platform linux/amd64 \ - --ignore-unchanged \ - 2>/dev/null | sed -n '/## Overview/,/^ ## /p' | head -n -1 -``` - -The result is a clean summary showing the key differences between the two -images. Example output: - -```console - ## Overview - - │ Analyzed Image │ Comparison Image - ────────────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────── - Target │ dhi.io/node:22-debian13 │ node:22 - digest │ 55d471f61608 │ 9ee3220f602f - tag │ 22-debian13 │ 22 - platform │ linux/amd64 │ linux/amd64 - provenance │ https://github.com/docker-hardened-images/definitions │ https://github.com/nodejs/docker-node.git - │ 9fe491f53122b84eebba81e13f20157c18c10de2 │ bf78d7603fbea92cd3652edb3b2edadd6f5a3fe8 - vulnerabilities │ 0C 0H 0M 0L │ 0C 1H 3M 153L 4? - │ -1 -3 -153 -4 │ - size │ 41 MB (-367 MB) │ 408 MB - packages │ 19 (-726) │ 745 - │ │ -``` - -## Interpret comparison results - -The comparison output includes the following sections. - -### Overview - -The overview section provides high-level statistics about both images: - -- Target and comparison image details (digest, tag, platform, provenance) -- Vulnerability counts for each image -- Size comparison -- Package counts - -Look for: - -- Vulnerability reductions (negative numbers in the delta row) -- Size reductions showing storage efficiency -- Package count reductions indicating a minimal attack surface - -### Environment Variables - -The environment variables section shows environment variables that differ between -the two images, prefixed with `+` for added or `-` for removed. - -Look for: - -- Removed environment variables that may have been necessary for your specific use-case - -### Labels - -The labels section displays labels that differ between the two images, prefixed -with `+` for added or `-` for removed. - -### Packages and Vulnerabilities - -The packages and vulnerabilities section lists all package differences and their -associated security vulnerabilities. Packages are prefixed with: - -- `-` for packages removed from the target image (not present in the compared image) -- `+` for packages added to the target image (not present in the base image) -- `↑` for packages upgraded in the target image -- `↓` for packages downgraded in the target image - -For packages with associated vulnerabilities, the CVEs are listed with their -severity levels and identifiers. - -Look for: - -- Removed packages and vulnerabilities: Indicates a reduced attack surface in the DHI -- Added packages: May indicate DHI-specific tooling or dependencies -- Upgraded packages: Shows version updates that may include security fixes - -## When to compare images - -### Evaluate migration benefits - -Before migrating from a Docker Official Image to a DHI, compare them to -understand the security improvements. For example: - -```console -$ docker scout compare dhi.io/python:3.13 \ - --to python:3.13 \ - --platform linux/amd64 \ - --ignore-unchanged -``` - -This helps justify the migration by showing concrete vulnerability reductions -and package minimization. - -### Assess customization impact - -After customizing a DHI, compare the customized version with the original to -ensure you haven't introduced new vulnerabilities. For example: - -```console -$ docker scout compare /dhi-python:3.13-custom \ - --to dhi.io/python:3.13 \ - --platform linux/amd64 -``` - -### Track updates over time - -Compare different versions of the same DHI to see what changed between releases. For example: - -```console -$ docker scout compare dhi.io/node:22-debian13 \ - --to dhi.io/node:20-debian12 \ - --platform linux/amd64 \ - --ignore-unchanged -``` diff --git a/content/manuals/dhi/how-to/explore.md b/content/manuals/dhi/how-to/explore.md index 00f714904f6f..3697d2dc77ce 100644 --- a/content/manuals/dhi/how-to/explore.md +++ b/content/manuals/dhi/how-to/explore.md @@ -1,98 +1,95 @@ --- -title: Explore Docker Hardened Images -linktitle: Explore images -description: Learn how to find and evaluate image repositories, variants, metadata, and attestations in the DHI catalog on Docker Hub. -keywords: explore docker images, image variants, docker hub catalog, container image metadata, signed attestations +title: Search and evaluate Docker Hardened Images +linktitle: Search and evaluate +description: Learn how to find, compare, and evaluate Docker Hardened Images using the catalog on Docker Hub and Docker Scout comparison tools. +keywords: search docker images, image variants, docker hub catalog, compare docker images, docker scout compare, image comparison, vulnerability comparison weight: 10 +aliases: + - /dhi/how-to/compare/ --- Docker Hardened Images (DHI) are a curated set of secure, production-ready -container images. This page explains how to explore available DHI repositories, -review image metadata, examine variant details, and understand the security -attestations provided. Use this information to evaluate and select the right -image variants for your applications. +container images designed to provide enhanced security, minimized attack +surfaces, and production-ready foundations for your applications. -## Explore Docker Hardened Images +This page explains how to search available DHI repositories, review image +metadata, examine variant details, and compare images to evaluate security +improvements and differences. -To explore Docker Hardened Images (DHI): +## Search the catalog -1. Go to [Docker Hub](https://hub.docker.com) and sign in. -2. Select **My Hub**. -3. In the namespace drop-down, select your organization that has access to DHI. -4. Select **Hardened Images** > **Catalog**. +You can browse, search, or filter images by category in the [Hardened Image +catalog](https://hub.docker.com/hardened-images/catalog) on Docker Hub. -On the DHI page, you can browse images, search images, or filter images by -category. +Alternatively, use the [DHI CLI](/reference/cli/docker/dhi/), included in +[Docker Desktop](/desktop/), to browse the catalog from the command line: -## View repository details +```console +$ docker dhi catalog list +``` -To view repository details: +Filter by image type, name, or compliance requirements: -1. Go to [Docker Hub](https://hub.docker.com) and sign in. -2. Select **My Hub**. -3. In the namespace drop-down, select your organization that has access to DHI. -4. Select **Hardened Images** > **Catalog**. -5. Select a repository in the DHI catalog list. +```console +$ docker dhi catalog list --type image +$ docker dhi catalog list --filter python +$ docker dhi catalog list --fips +$ docker dhi catalog list --stig +``` -The repository details page provides the following: +### Repository details + +When you select a repository from the catalog, the repository details page +provides the following: - Overview: A brief explanation of the image. - Guides: Several guides on how to use the image and migrate your existing application. - - Tags: Select this option to [view image variants](#view-image-variants). + - Images: Select this option to [view image variants](#image-variants). - Security summary: Select a tag name to view a quick security summary, including package count, total known vulnerabilities, and Scout health score. - Recently pushed tags: A list of recently updated image variants and when they were last updated. - - Mirror to repository: Select this option to mirror the image to your - organization's repository in order to use it. Only organization owners can mirror a repository. - - View in repository: After a repository has been mirrored, you can select this - option to view where the repository has been mirrored, or mirror it to another repository. + - Use this image: After selecting an image variant, you can select this option to + view instructions on how to pull and use the image variant. + +To view repository details from the command line, use the DHI CLI: + +```console +$ docker dhi catalog get python +``` + +This shows available tags, CVE counts, and other repository metadata. -## View image variants +### Image variants Tags are used to identify image variants. Image variants are different builds of the same application or framework tailored for different use-cases. -To explore image variants: - -1. Go to [Docker Hub](https://hub.docker.com) and sign in. -2. Select **My Hub**. -3. In the namespace drop-down, select your organization that has access to DHI. -4. Select **Hardened Images** > **Catalog**. -5. Select a repository in the DHI catalog list. -6. Select **Tags**. - -The **Tags** page provides the following information: - -- Tags: A list of all available tags, also known as image variants. -- Compliance: Lists relevant compliance designations. For example, `FIPS` or `STIG`. -- Distribution: The distribution that the variant is based on. For example, `debian 12` or `alpine 3.21`. -- Package manager: The package manager that is available in the variant. For example, `apt`, `apk`, or `-` (no package manager). -- Shell: The shell that is available in the variant. For example, `bash`, `busybox`, or `-` (no shell). -- User: The user that the container runs as. For example, `root`, `nonroot (65532)`, or `node (1000)`. -- Last pushed: The amount of days ago that the image variant was last pushed. -- Vulnerabilities: The amount of vulnerabilities in the variant based on the severity. -- Health: The Scout health score for the variant. Select the score icon to get more details. - -> [!NOTE] -> -> Unlike most images on Docker Hub, Docker Hardened Images do not use the -> `latest` tag. Each image variant is published with a full semantic version tag -> (for example, `3.13`, `3.13-dev`) and is kept up to date. If you need to pin -> to a specific image release for reproducibility, you can reference the image -> by its [digest](../core-concepts/digests.md). - -## View image variant details - -To explore the details of an image variant: - -1. Go to [Docker Hub](https://hub.docker.com) and sign in. -2. Select **My Hub**. -3. In the namespace drop-down, select your organization that has access to DHI. -4. Select **Hardened Images** > **Catalog**. -5. Select a repository in the DHI catalog list. -6. Select **Tags**. -7. Select the image variant's tag in the table. +From the [repository details](#repository-details), select **Images** to view +the available image variants. + +The **Images** page provides a table with the following columns: + +- Image version: The image name with its base distribution (for example, `debian + 13`) and associated tags. +- Type: The support lifecycle status of the variant. +- Compliance: Relevant compliance designations. For example, `CIS`, `FIPS`, or + `STIG (100%)`. +- Package manager: Whether a package manager is available. A checkmark indicates + a package manager is present (for example, `apt` or `apk`), a dash indicates + none. +- Shell: Whether a shell is available. A checkmark indicates a shell is present + (for example, `bash` or `busybox`), a dash indicates none. +- User: The user that the container runs as. For example, `root` or `nonroot + (65532)`. +- Last pushed: When the image variant was last updated. +- Vulnerabilities: Vulnerability counts by severity level. +- Health: The Scout health score. Select the score to view more details. + +### Image variant details + +On the [**Images** page](#image-variants), select an image version from the +table to view detailed information about that specific variant. The image variant details page provides the following information: @@ -123,4 +120,81 @@ The image variant details page provides the following information: - Attestations: Variants include comprehensive security attestations to verify the image's build process, contents, and security posture. These attestations are signed and can be verified using cosign. For a list of available - attestations, see [Attestations](../core-concepts/attestations.md). \ No newline at end of file + attestations, see [Attestations](../core-concepts/attestations.md). + +## Compare images + +Docker Scout lets you analyze the differences between two images. Comparing a +DHI to a standard image helps you understand the security improvements, package +differences, and overall benefits of adopting hardened images. + +Comparison is useful for: + +- Evaluating the security improvements when migrating from a standard image to a + DHI +- Understanding package and vulnerability differences between image variants +- Assessing the impact of customizations or updates + +### Prerequisites + +Before comparing images: + +- Install [Docker Desktop](/desktop/) to use Docker Scout comparison features. +- Sign in to the registries containing the images you want to compare. Sign in + to `dhi.io` for Docker Hardened Images: + + ```console + $ docker login dhi.io + ``` + +### Basic comparison + +To compare a Docker Hardened Image with another image, use the [`docker scout +compare`](/reference/cli/docker/scout/compare/) command: + +```console +$ docker scout compare dhi.io/: \ + --to : \ + --platform +``` + +For example, to compare a DHI Node.js image with the official Node.js image: + +```console +$ docker scout compare dhi.io/node:22-debian13 \ + --to node:22 \ + --platform linux/amd64 +``` + +The output shows an overview at the top with key comparison metrics, followed by +detailed package and vulnerability information. Example overview: + +```console + ## Overview + + │ Analyzed Image │ Comparison Image + ────────────────────┼───────────────────────────────────────────────────────┼───────────────────────────────────────────── + Target │ dhi.io/node:22-debian13 │ node:22 + digest │ 55d471f61608 │ 9ee3220f602f + platform │ linux/amd64 │ linux/amd64 + vulnerabilities │ 0C 0H 0M 0L │ 0C 1H 3M 153L 4? + │ -1 -3 -153 -4 │ + size │ 41 MB (-367 MB) │ 408 MB + packages │ 19 (-726) │ 745 +``` + +### Filter unchanged packages + +To focus only on the differences and ignore unchanged packages, use the +`--ignore-unchanged` flag: + +```console +$ docker scout compare dhi.io/node:22-debian13 \ + --to node:22 \ + --platform linux/amd64 \ + --ignore-unchanged +``` + +This output highlights only the packages and vulnerabilities that differ between +the two images, making it easier to identify the security improvements and +changes. diff --git a/content/manuals/dhi/how-to/select-enterprise.md b/content/manuals/dhi/how-to/select-enterprise.md index d1a2e657371f..057c3e305aeb 100644 --- a/content/manuals/dhi/how-to/select-enterprise.md +++ b/content/manuals/dhi/how-to/select-enterprise.md @@ -71,7 +71,7 @@ can use either interface. {{< /tabs >}} Continue to the next step to mirror the image. To dive deeper into exploring -images see [Explore Docker Hardened Images](explore.md). +images see [Search and evaluate Docker Hardened Images](explore.md). ## Step 2: Mirror the repository diff --git a/content/manuals/dhi/how-to/use.md b/content/manuals/dhi/how-to/use.md index 17c57d51c02e..c1b35b13b7a5 100644 --- a/content/manuals/dhi/how-to/use.md +++ b/content/manuals/dhi/how-to/use.md @@ -59,7 +59,7 @@ use a `-dev` tag if you need a shell or package manager during build stages: FROM dhi.io/python:3.13-dev AS build ``` -To learn how to explore available variants, see [Explore images](./explore.md). +To learn how to search for available variants, see [Search and evaluate images](./explore.md). > [!TIP] > diff --git a/content/manuals/dhi/how-to/verify.md b/content/manuals/dhi/how-to/verify.md index 35aeb9e00e56..6a7adeb058d4 100644 --- a/content/manuals/dhi/how-to/verify.md +++ b/content/manuals/dhi/how-to/verify.md @@ -384,7 +384,7 @@ list of attestations available for each DHI chart. ## Explore attestations on Docker Hub You can also browse attestations visually when [exploring an image -variant](./explore.md#view-image-variant-details). The **Attestations** section +variant](./explore.md#image-variant-details). The **Attestations** section lists each available attestation with its: - Type (e.g. SBOM, VEX) diff --git a/content/manuals/dhi/troubleshoot.md b/content/manuals/dhi/troubleshoot.md index c669283ca902..24ba650fc369 100644 --- a/content/manuals/dhi/troubleshoot.md +++ b/content/manuals/dhi/troubleshoot.md @@ -32,7 +32,7 @@ appropriate permissions. To find out which user a DHI runs as, check the repository page for the image on Docker Hub. See [View image variant -details](./how-to/explore.md#view-image-variant-details) for more information. +details](./how-to/explore.md#image-variant-details) for more information. ## Privileged ports @@ -54,7 +54,7 @@ the runtime image. To find out which shell, if any, a DHI has, check the repository page for the image on Docker Hub. See [View image variant -details](./how-to/explore.md#view-image-variant-details) for more information. +details](./how-to/explore.md#image-variant-details) for more information. Also, use [Docker Debug](./how-to/debug.md) when you need shell access to a running container. @@ -66,7 +66,7 @@ or other community images. To find out the ENTRYPOINT or CMD for a DHI, check the repository page for the image on Docker Hub. See [View image variant -details](./how-to/explore.md#view-image-variant-details) for more information. +details](./how-to/explore.md#image-variant-details) for more information. ## No package manager From d08c89d24712cf5b9fb051ba412f379d4021b018 Mon Sep 17 00:00:00 2001 From: Craig Osterhout Date: Wed, 1 Apr 2026 10:24:52 -0700 Subject: [PATCH 2/2] align wording Signed-off-by: Craig Osterhout --- content/guides/dhi-backstage.md | 2 +- content/manuals/dhi/get-started.md | 2 +- content/manuals/dhi/how-to/explore.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/guides/dhi-backstage.md b/content/guides/dhi-backstage.md index de90fa771b77..1a8a3b35e100 100644 --- a/content/guides/dhi-backstage.md +++ b/content/guides/dhi-backstage.md @@ -479,5 +479,5 @@ Different scanners detect different issues. Running all three gives you the most - [Create and build a DHI](/dhi/how-to/build/) — learn how to write a DHI definition file, build images locally. - [Use the DHI CLI](/dhi/how-to/cli/) — manage DHI images, mirrors, and customizations from the command line. - [Migrate to DHI](/dhi/migration/) — for applications that work with standard DHI images without additional packages. -- [Compare images](/dhi/how-to/explore/#compare-images-using-docker-scout) — evaluate security improvements between your original and hardened images. +- [Compare images](/dhi/how-to/explore/#compare-and-evaluate-images) — evaluate security improvements between your original and hardened images. - [Docker Debug](/dhi/how-to/debug/) — troubleshoot distroless containers that have no shell. diff --git a/content/manuals/dhi/get-started.md b/content/manuals/dhi/get-started.md index fb87c667d38d..27e73da2f85a 100644 --- a/content/manuals/dhi/get-started.md +++ b/content/manuals/dhi/get-started.md @@ -131,7 +131,7 @@ This comparison shows that the Docker Hardened Image: - Reduces size: From 412 MB down to 35 MB (91% reduction) - Minimizes packages: From 610 packages down to 80 (87% reduction) -To dive deeper into comparing images see [Search and evaluate Docker Hardened Images](./how-to/explore.md#compare-images). +To dive deeper into comparing images see [Search and evaluate Docker Hardened Images](./how-to/explore.md#compare-and-evaluate-images). ## What's next diff --git a/content/manuals/dhi/how-to/explore.md b/content/manuals/dhi/how-to/explore.md index 3697d2dc77ce..258c38ccd206 100644 --- a/content/manuals/dhi/how-to/explore.md +++ b/content/manuals/dhi/how-to/explore.md @@ -122,7 +122,7 @@ The image variant details page provides the following information: are signed and can be verified using cosign. For a list of available attestations, see [Attestations](../core-concepts/attestations.md). -## Compare images +## Compare and evaluate images Docker Scout lets you analyze the differences between two images. Comparing a DHI to a standard image helps you understand the security improvements, package