From fd8426ff228acf604cfc4eac443150b3cd1915ff Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 5 Aug 2024 09:38:04 +0200 Subject: [PATCH] scout: base image policy config for health scores The Unapproved base images policy enables the optional configurations by default when used in health score evaluation. Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/scout/policy/scores.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/content/scout/policy/scores.md b/content/scout/policy/scores.md index b018817ade..26a8cbafe0 100644 --- a/content/scout/policy/scores.md +++ b/content/scout/policy/scores.md 
@@ -108,12 +108,19 @@ The policies that influence the score, and their respective weights, are as foll | [Fixable critical and high vulnerabilities](./_index.md#fixable-critical-and-high-vulnerabilities) | 20 | | [High-profile vulnerabilities](./_index.md#high-profile-vulnerabilities) | 20 | | [Supply chain attestations](./_index.md#supply-chain-attestations) | 15 | -| [Unapproved base images](./_index.md#unapproved-base-images) | 15 | +| [Unapproved base images](./_index.md#unapproved-base-images) \* | 15 | | [Outdated base images](./_index.md#outdated-base-images) | 10 | | [Default non-root user](./_index.md#default-non-root-user) | 5 | -| AGPL v3-licensed software \* | 5 | +| AGPL v3-licensed software \*\* | 5 | -\* _The **AGPL v3-licensed software** policy is a subset of the +\* _The **Unapproved base images** policy used for health score evaluation also +checks that the tags of Docker Official Images use supported tags and, where +applicable, that the Linux distro that the image uses is a supported distro +version. This is a policy configuration option that's enabled by default for +health score evaluation. For more information, refer to the +[Unapproved base images](/scout/policy/#unapproved-base-images) policy._ + +\*\* _The **AGPL v3-licensed software** policy is a subset of the [Copyleft licenses](./_index.md#copyleft-licenses) policy._ ### Evaluation
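Review bot: The added footnote for **Unapproved base images** links with an absolute path, `[Unapproved base images](/scout/policy/#unapproved-base-images)`, while the table row in the same hunk and the AGPL footnote use the relative form `./_index.md#...`. Use `./_index.md#unapproved-base-images` here as well so the file keeps one link style. In the same footnote, "checks that the tags of Docker Official Images use supported tags" repeats itself; "checks that Docker Official Images use supported tags" reads more cleanly. The footnote also describes two checks (supported tags, supported distro version) but then calls them "a policy configuration option" in the singular, whereas the commit message says "optional configurations". Pick one and make both agree.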