Merge pull request #24405 from craig-osterhout/dhi-docs-scanner-1

dhi: updates from scanner
David Karlsson
2026-03-19 13:05:05 +01:00
committed by GitHub
3 changed files with 6 additions and 9 deletions

@@ -24,9 +24,9 @@ Following the CIS Docker Benchmark helps organizations:
## How Docker Hardened Images comply with the CIS Benchmark
Docker Hardened Images (DHIs) are designed with security in mind and are
verified to be compliant with the relevant controls from the latest CIS
Docker Benchmark (v1.8.0) for the scope that applies to container images and
Dockerfile configuration.
verified to be compliant with the relevant controls from the CIS Docker
Benchmark for the scope that applies to container images and Dockerfile
configuration.
CIS-compliant DHIs are compliant with all controls in Section 4, with the sole
exception of the control requiring Docker Content Trust (DCT), which [Docker
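Review bot: The reworded sentence drops "(v1.8.0)" along with "latest", so the compliance claim no longer names any benchmark revision, while the next paragraph still says "all controls in Section 4", and section numbering and control content depend on the revision. Dropping "latest" is reasonable since it goes stale, but consider keeping an explicit version or pointing to where the assessed revision is recorded, so a reader can tell which Section 4 controls the images were verified against.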

@@ -160,9 +160,6 @@ $ docker scout vex get dhi.io/<image>:<tag> --output vex.json
> [!NOTE]
>
> The `docker scout vex get` command requires [Docker Scout
> CLI](https://github.com/docker/scout-cli/) version 1.18.3 or later.
>
> If the image exists locally on your device, you must prefix the image name with `registry://`. For example, use
> `registry://dhi.io/python:3.13` instead of `dhi.io/python:3.13`.
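Review bot: The `registry://` guidance for images that exist locally is deleted from the end of this note, but the note still sets the minimum at "version 1.18.3 or later" and the commit message ("updates from scanner") gives no reason for the removal. If the prefix is still required on 1.18.3, readers with a local copy of the image lose the only hint for getting the VEX document from the registry. Please confirm the behaviour changed and, if it changed only in a later release, either raise the stated minimum version or keep the paragraph scoped to the older versions.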

@@ -17,9 +17,9 @@ ensuring the integrity and security of these elements is paramount
## Why is SSCS important?
The significance of SSCS has escalated due to the rise in sophisticated
cyberattacks targeting software supply chains. Recent incidents and the
exploitation of vulnerabilities in open-source components have underscored the
The significance of SSCS has escalated due to sophisticated cyberattacks
targeting software supply chains. High-profile supply chain attacks and the
exploitation of vulnerabilities in open-source components underscore the
critical need for robust supply chain security measures. Compromises at any
stage of the software lifecycle can lead to widespread vulnerabilities, data
breaches, and significant financial losses.
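Review bot: Style point on the rewritten opening: the first sentence now ends "targeting software supply chains" and the second starts "High-profile supply chain attacks", so the same subject is stated twice in a row, and "High-profile" points at no specific incident or reference. Suggest "Such attacks and the exploitation of vulnerabilities in open-source components underscore ...", or link to an example if the emphasis on known incidents is intended. Also, dropping "the rise in" leaves "has escalated due to sophisticated cyberattacks", which no longer says what changed over time; "has grown as sophisticated cyberattacks increasingly target software supply chains" would keep that meaning without a time-relative word.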