Merge branch 'main' into ENGDOCS-2281

Author: sarahsanders-docker

_vale/Docker/Acronyms.yml

@@ -31,6 +31,7 @@ exceptions:
   - DPI
   - DSOS
   - DVP
+  - ECI
   - ELK
   - FAQ
   - FUSE
@@ -60,13 +61,15 @@ exceptions:
   - LTS
   - MAC
   - MDM
+  - MDN
   - NAT
   - NET
   - NFS
   - NOTE
   - NTLM
   - NVDA
   - OCI
+  - OS
   - OSS
   - PATH
   - PDF
@@ -90,6 +93,7 @@ exceptions:
   - SDK
   - SLES
   - SLSA
+  - SOCKS
   - SPDX
   - SQL
   - SSD

_vale/Docker/RecommendedWords.yml

@@ -14,7 +14,7 @@ swap:
   (?:sign on|log on|log in|logon|login): sign in
   above: previous
   adaptor: adapter
-  admin: administrator
+  admin(?! console): administrator
   administrate: administer
   afterwards: afterward
   allow: let

_vale/config/vocabularies/Docker/accept.txt

@@ -1,5 +1,4 @@
 (?-i)[A-Z]{2,}s
-Admin Console
 Amazon
 Anchore
 Apple
@@ -108,6 +107,7 @@ Zsh
 [Mm]oby
 [Oo]nboarding
 [Pp]aravirtualization
+[Pp]roxied
 [Pp]roxying
 [Rr]eal-time
 [Rr]untimes?
@@ -156,5 +156,6 @@ tmpfs
 ufw
 umask
 ungated
+untrusted
 vSphere
 vpnkit

content/get-started/docker-concepts/building-images/multi-stage-builds.md

@@ -57,9 +57,8 @@ In this hands-on guide, you'll unlock the power of multi-stage builds to create
 
 1. [Download and install](https://www.docker.com/products/docker-desktop/) Docker Desktop.
 
-2. [Download and install](https://www.oracle.com/java/technologies/downloads/) Java.
 
-3. Open this [pre-initialized project](https://start.spring.io/#!type=maven-project&language=java&platformVersion=3.4.0-M3&packaging=jar&jvmVersion=21&groupId=com.example&artifactId=spring-boot-docker&name=spring-boot-docker&description=Demo%20project%20for%20Spring%20Boot&packageName=com.example.spring-boot-docker&dependencies=web) to generate a ZIP file. Here’s how that looks:
+2. Open this [pre-initialized project](https://start.spring.io/#!type=maven-project&language=java&platformVersion=3.4.0-M3&packaging=jar&jvmVersion=21&groupId=com.example&artifactId=spring-boot-docker&name=spring-boot-docker&description=Demo%20project%20for%20Spring%20Boot&packageName=com.example.spring-boot-docker&dependencies=web) to generate a ZIP file. Here’s how that looks:
 
 
     ![A screenshot of Spring Initializr tool selected with Java 21, Spring Web and Spring Boot 3.4.0](images/multi-stage-builds-spring-initializer.webp?border=true)
@@ -72,7 +71,7 @@ In this hands-on guide, you'll unlock the power of multi-stage builds to create
     For this demonstration, you’ve paired Maven build automation with Java, a Spring Web dependency, and Java 21 for your metadata.
 
 
-4. Navigate the project directory. Once you unzip the file, you'll see the following project directory structure:
+3. Navigate the project directory. Once you unzip the file, you'll see the following project directory structure:
 
 
     ```plaintext
@@ -109,7 +108,7 @@ In this hands-on guide, you'll unlock the power of multi-stage builds to create
    contains most of the information needed to build a customized project. The POM is huge and can seem    
    daunting. Thankfully, you don't yet need to understand every intricacy to use it effectively. 
 
-5. Create a RESTful web service that displays "Hello World!". 
+4. Create a RESTful web service that displays "Hello World!". 
 
     
     Under the `src/main/java/com/example/spring_boot_docker/` directory, you can modify your  

content/guides/docker-scout/_index.md

@@ -14,16 +14,14 @@ aliases:
 params:
   featured: true
   image: images/learning-paths/scout.png
-  time: 10 minutes
+  time: 20 minutes
   resource_links:
     - title: Docker Scout overview
       url: /scout/
     - title: Docker Scout quickstart
       url: /scout/quickstart/
     - title: Install Docker Scout
       url: /scout/install/
-    - title: Software Bill of Materials
-      url: /scout/concepts/sbom/
 ---
 
 When container images are insecure, significant risks can arise. Around 60% of

content/guides/docker-scout/attestations.md

@@ -0,0 +1,36 @@
+---
+title: Attestations
+keywords: build, attestations, sbom, provenance, metadata
+description: |
+  Introduction to SBOM and provenance attestations with Docker Build,
+  what they are, and why they exist
+weight: 50
+---
+
+{{< youtube-embed qOzcycbTs4o >}}
+
+[Build attestations](/manuals/build/metadata/attestations/_index.md) give you
+detailed information about how an image was built and what it contains. These
+attestations, generated by BuildKit during build-time, attach to the final
+image as metadata, allowing you to inspect an image to see its origin, creator,
+and contents. This information helps you make informed decisions about the
+security and impact of the image on your supply chain.
+
+Docker Scout uses these attestations to evaluate the image's security and
+supply chain posture, and to provide remediation recommendations for issues. If
+issues are detected, such as missing or outdated attestations, Docker Scout can
+guide you on how to add or update them, ensuring compliance and improving
+visibility into the image's security status.
+
+There are two key types of attestations:
+
+- SBOM, which lists the software artifacts within the image.
+- Provenance, which details how the image was built.
+
+You can create attestations by using `docker buildx build` with the
+`--provenance` and `--sbom` flags. Attestations attach to the image index,
+allowing you to inspect them without pulling the entire image. Docker Scout
+leverages this metadata to give you more precise recommendations and better
+control over your image's security.
+
+<div id="scout-lp-survey-anchor"></div>

content/guides/docker-scout/common-questions.md

@@ -1,7 +1,6 @@
 ---
 title: Common challenges and questions
 description: Explore common challenges and questions related to Docker Scout.
-weight: 30
 ---
 
 <!-- vale Docker.HeadingLength = NO -->

content/guides/docker-scout/demo.md

@@ -1,9 +1,12 @@
 ---
 title: Docker Scout demo
+linkTitle: Demo
 description: Learn about Docker Scout's powerful features for enhanced supply chain security.
 weight: 20
 ---
 
+{{< youtube-embed "TkLwJ0p46W8" >}}
+
 Docker Scout has powerful features for enhancing containerized application
 security and ensuring a robust software supply chain.
 
@@ -15,6 +18,4 @@ security and ensuring a robust software supply chain.
   removing unnecessary packages
 - Verify and validate remediation efforts using Docker Scout
 
-{{< youtube-embed "TkLwJ0p46W8" >}}
-
 <div id="scout-lp-survey-anchor"></div>

content/guides/docker-scout/remediation.md

@@ -0,0 +1,27 @@
+---
+title: Remediation
+description: Learn how Docker Scout can help you improve your software quality automatically, using remediation
+keywords: scout, supply chain, security, remediation, automation
+weight: 60
+---
+
+{{< youtube-embed jM9zLBf8M-8 >}}
+
+Docker Scout's [remediation feature](/manuals/scout/policy/remediation.md)
+helps you address supply chain and security issues by offering tailored
+recommendations based on policy evaluations. These recommendations guide you in
+improving policy compliance or enhancing image metadata, allowing Docker Scout
+to perform more accurate evaluations in the future.
+
+You can use this feature to ensure that your base images are up-to-date and
+that your supply chain attestations are complete. When a violation occurs,
+Docker Scout provides recommended fixes, such as updating your base image or
+adding missing attestations. If there isn’t enough information to determine
+compliance, Docker Scout suggests actions to help resolve the issue.
+
+In the Docker Scout Dashboard, you can view and act on these recommendations by
+reviewing violations or compliance uncertainties. With integrations like
+GitHub, you can even automate updates, directly fixing issues from the
+dashboard.
+
+<div id="scout-lp-survey-anchor"></div>

content/manuals/scout/concepts/s3c.md renamed to content/guides/docker-scout/s3c.md

@@ -2,8 +2,13 @@
 title: Software supply chain security
 description: Learn about software supply chain security (S3C), what it means, and why it is important.
 keywords: docker scout, secure, software, supply, chain, security, sssc, sscs, s3c
+aliases:
+  - /scout/concepts/s3c/
+weight: 30
 ---
 
+{{< youtube-embed YzNK6E7APv0 >}}
+
 The term "software supply chain" refers to the end-to-end process of developing
 and delivering software, from the development to deployment and maintenance.
 Software supply chain security, or "S3C" for short, is the practice for
@@ -39,7 +44,7 @@ day where software is built using multiple components from different sources.
 Organizations need to have a clear understanding of the software components
 they use, and the security risks associated with them.
 
-## Docker Scout
+## How Docker Scout is different
 
 Docker Scout is a platform designed to help organizations secure their software
 supply chain. It provides tools and services for identifying and managing
@@ -53,9 +58,11 @@ updated risk assessment is available within seconds, and earlier in the
 development process.
 
 Docker Scout works by analyzing the composition of your images to create a
-[Software Bill of Materials (SBOM)](/manuals/scout/concepts/sbom.md). The SBOM is
-cross-referenced against the security advisories to identify CVEs that affect
-your images. Docker Scout integrates with [over 20 different security
+Software Bill of Materials (SBOM). The SBOM is cross-referenced against the
+security advisories to identify CVEs that affect your images. Docker Scout
+integrates with [over 20 different security
 advisories](/manuals/scout/deep-dive/advisory-db-sources.md), and updates its
 vulnerability database in real-time. This ensures that your security posture is
 represented using the latest available information.
+
+<div id="scout-lp-survey-anchor"></div>