From cecdc28d1dc26dc55e6bdfee097493e49bc61646 Mon Sep 17 00:00:00 2001 From: Craig Osterhout Date: Wed, 18 Feb 2026 14:56:12 -0800 Subject: [PATCH] dhi: add build transparency (#24136) ## Description Add transparency benefit to the build conceptual topic. https://deploy-preview-24136--docsdocker.netlify.app/dhi/explore/build-process/ ## Related issues or tickets ENGDOCS-3191 ## Reviews - [ ] Editorial review - [ ] Product review --------- Signed-off-by: Craig Osterhout --- content/manuals/dhi/explore/build-process.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/content/manuals/dhi/explore/build-process.md b/content/manuals/dhi/explore/build-process.md index a888a427ec..a572dbb7e4 100644 --- a/content/manuals/dhi/explore/build-process.md +++ b/content/manuals/dhi/explore/build-process.md @@ -18,6 +18,25 @@ both base and customized images is backed by SLA commitments, including a 7-day SLA for critical and high severity vulnerabilities. Only DHI Enterprise includes SLAs. DHI Free offers a secure baseline but no guaranteed remediation timelines. +## Build transparency + +Docker Hardened Images provide transparency into how images are built through +publicly available definitions and verifiable attestations. + +### Image definitions + +All image definitions are publicly available in the [catalog +repository](https://github.com/docker-hardened-images/catalog). + +Each image definition is a declarative YAML specification that includes metadata, +contents, build pipeline steps, security configurations, and runtime settings. + +### SLSA attestations + +Every Docker Hardened Image includes a SLSA Build Level 3 attestation that +provides verifiable build provenance. For details on SLSA attestations and how to +verify them, see [SLSA](../core-concepts/slsa.md). + ## Build triggers Builds start automatically. You don't trigger them manually. The system monitors
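Review bot: Under "### Image definitions", the claim "All image definitions are publicly available" is unscoped, while the unchanged context just above the new section talks about "both base and customized images". As written, a reader can take it to mean that definitions for customized images are also published in the catalog repository. If only the catalog images are covered, say so, for example "Definitions for all images in the DHI catalog are publicly available in the catalog repository". The same scope question applies to "Every Docker Hardened Image includes a SLSA Build Level 3 attestation" under "### SLSA attestations": state whether customized images carry the attestation too. A smaller point on the same section: the two subsections are presented as independent facts, and one sentence saying how the build provenance relates to the published definition would make the "verifiable" claim in the section intro concrete.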