scout: restructure learning path, add videos

Author: sbenhoff007

content/guides/docker-scout/_index.md

@@ -15,16 +15,14 @@ aliases:
 params:
   featured: true
   image: images/learning-paths/scout.png
-  time: 10 minutes
+  time: 20 minutes
   resource_links:
     - title: Docker Scout overview
       url: /scout/
     - title: Docker Scout quickstart
       url: /scout/quickstart/
     - title: Install Docker Scout
       url: /scout/install/
-    - title: Software Bill of Materials
-      url: /scout/concepts/sbom/
 ---
 
 When container images are insecure, significant risks can arise. Around 60% of

content/guides/docker-scout/attestations.md

@@ -0,0 +1,36 @@
+---
+title: Attestations
+keywords: build, attestations, sbom, provenance, metadata
+description: |
+  Introduction to SBOM and provenance attestations with Docker Build,
+  what they are, and why they exist
+weight: 50
+---
+
+{{< youtube-embed qOzcycbTs4o >}}
+
+[Build attestations](/manuals/build/metadata/attestations/_index.md) give you
+detailed information about how an image was built and what it contains. These
+attestations, generated by BuildKit during build-time, attach to the final
+image as metadata, allowing you to inspect an image to see its origin, creator,
+and contents. This information helps you make informed decisions about the
+security and impact of the image on your supply chain.
+
+Docker Scout uses these attestations to evaluate the image's security and
+supply chain posture, and to provide remediation recommendations for issues. If
+issues are detected, such as missing or outdated attestations, Docker Scout can
+guide you on how to add or update them, ensuring compliance and improving
+visibility into the image's security status.
+
+There are two key types of attestations:
+
+- SBOM, which lists the software artifacts within the image.
+- Provenance, which details how the image was built.
+
+You can create attestations by using `docker buildx build` with the
+`--provenance` and `--sbom` flags. Attestations attach to the image index,
+allowing you to inspect them without pulling the entire image. Docker Scout
+leverages this metadata to give you more precise recommendations and better
+control over your image's security.
+
+<div id="scout-lp-survey-anchor"></div>

content/guides/docker-scout/common-questions.md

@@ -1,7 +1,6 @@
 ---
 title: Common challenges and questions
 description: Explore common challenges and questions related to Docker Scout.
-weight: 30
 ---
 
 <!-- vale Docker.HeadingLength = NO -->

content/guides/docker-scout/demo.md

@@ -1,9 +1,12 @@
 ---
 title: Docker Scout demo
+linkTitle: Demo
 description: Learn about Docker Scout's powerful features for enhanced supply chain security.
 weight: 20
 ---
 
+{{< youtube-embed "TkLwJ0p46W8" >}}
+
 Docker Scout has powerful features for enhancing containerized application
 security and ensuring a robust software supply chain.
 
@@ -15,6 +18,4 @@ security and ensuring a robust software supply chain.
   removing unnecessary packages
 - Verify and validate remediation efforts using Docker Scout
 
-{{< youtube-embed "TkLwJ0p46W8" >}}
-
 <div id="scout-lp-survey-anchor"></div>

content/guides/docker-scout/remediation.md

@@ -0,0 +1,27 @@
+---
+title: Remediation
+description: Learn how Docker Scout can help you improve your software quality automatically, using remediation
+keywords: scout, supply chain, security, remediation, automation
+weight: 60
+---
+
+{{< youtube-embed 7PsZbAsPgsY >}}
+
+Docker Scout's [remediation feature](/manuals/scout/policy/remediation.md)
+helps you address supply chain and security issues by offering tailored
+recommendations based on policy evaluations. These recommendations guide you in
+improving policy compliance or enhancing image metadata, allowing Docker Scout
+to perform more accurate evaluations in the future.
+
+You can use this feature to ensure that your base images are up-to-date and
+that your supply chain attestations are complete. When a violation occurs,
+Docker Scout provides recommended fixes, such as updating your base image or
+adding missing attestations. If there isn’t enough information to determine
+compliance, Docker Scout suggests actions to help resolve the issue.
+
+In the Docker Scout Dashboard, you can view and act on these recommendations by
+reviewing violations or compliance uncertainties. With integrations like
+GitHub, you can even automate updates, directly fixing issues from the
+dashboard.
+
+<div id="scout-lp-survey-anchor"></div>

content/manuals/scout/concepts/s3c.md renamed to content/guides/docker-scout/s3c.md

@@ -2,8 +2,13 @@
 title: Software supply chain security
 description: Learn about software supply chain security (S3C), what it means, and why it is important.
 keywords: docker scout, secure, software, supply, chain, security, sssc, sscs, s3c
+aliases:
+  - /scout/concepts/s3c/
+weight: 30
 ---
 
+{{< youtube-embed YzNK6E7APv0 >}}
+
 The term "software supply chain" refers to the end-to-end process of developing
 and delivering software, from the development to deployment and maintenance.
 Software supply chain security, or "S3C" for short, is the practice for
@@ -39,7 +44,7 @@ day where software is built using multiple components from different sources.
 Organizations need to have a clear understanding of the software components
 they use, and the security risks associated with them.
 
-## Docker Scout
+## How Docker Scout is different
 
 Docker Scout is a platform designed to help organizations secure their software
 supply chain. It provides tools and services for identifying and managing
@@ -53,9 +58,11 @@ updated risk assessment is available within seconds, and earlier in the
 development process.
 
 Docker Scout works by analyzing the composition of your images to create a
-[Software Bill of Materials (SBOM)](/manuals/scout/concepts/sbom.md). The SBOM is
-cross-referenced against the security advisories to identify CVEs that affect
-your images. Docker Scout integrates with [over 20 different security
+Software Bill of Materials (SBOM). The SBOM is cross-referenced against the
+security advisories to identify CVEs that affect your images. Docker Scout
+integrates with [over 20 different security
 advisories](/manuals/scout/deep-dive/advisory-db-sources.md), and updates its
 vulnerability database in real-time. This ensures that your security posture is
 represented using the latest available information.
+
+<div id="scout-lp-survey-anchor"></div>

content/manuals/scout/concepts/sbom.md renamed to content/guides/docker-scout/sbom.md

@@ -2,8 +2,13 @@
 title: Software Bill of Materials
 description: Learn about Software Bill of Materials (SBOM) and how Docker Scout uses it.
 keywords: scout, sbom, software bill of materials, analysis, composition
+aliases:
+  - /scout/concepts/sbom/
+weight: 40
 ---
 
+{{< youtube-embed FvAVgH-3YY4 >}}
+
 A Bill of Materials (BOM) is a list of materials, parts, and the quantities of
 each needed to manufacture a product. For example, a BOM for a computer might
 list the motherboard, CPU, RAM, power supply, storage devices, case, and other
@@ -35,16 +40,10 @@ An SBOM typically includes the following information:
 
 Docker Scout uses SBOMs to determine the components that are used in a Docker
 image. When you analyze an image, Docker Scout will either use the SBOM that is
-attached to the image (using [attestations](/manuals/build/metadata/attestations/_index.md)), or
-it will generate an SBOM on the fly by analyzing the contents of the image.
+attached to the image as an attestation, or it will generate an SBOM on the fly
+by analyzing the contents of the image.
 
 The SBOM is cross-referenced with the [advisory database](/manuals/scout/deep-dive/advisory-db-sources.md)
 to determine if any of the components in the image have known vulnerabilities.
 
-## Additional resources
-
-To learn more about generating SBOMs and how SBOMs are used in Docker Scout,
-see:
-
-- [Image analysis in Docker Scout](/manuals/scout/explore/analysis.md)
-- [View and create SBOMs](/manuals/scout/how-tos/view-create-sboms.md)
+<div id="scout-lp-survey-anchor"></div>

content/guides/docker-scout/why.md

@@ -4,6 +4,8 @@ description: Learn how Docker Scout can help you secure your supply chain.
 weight: 10
 ---
 
+{{< youtube-embed "-omsQ7Uqyc4" >}}
+
 Organizations face significant challenges from data breaches,
 including financial losses, operational disruptions, and long-term damage to
 brand reputation and customer trust. Docker Scout addresses critical problems
@@ -22,6 +24,4 @@ development process. It also integrates with popular development tools like
 Docker Desktop and GitHub Actions, providing seamless security management and
 compliance checks within existing workflows.
 
-{{< youtube-embed "-omsQ7Uqyc4" >}}
-
 <div id="scout-lp-survey-anchor"></div>

content/manuals/build/metadata/attestations/_index.md

@@ -8,6 +8,8 @@ aliases:
   - /build/attestations/
 ---
 
+{{< youtube-embed qOzcycbTs4o >}}
+
 Build attestations describe how an image was built, and what it contains. The
 attestations are created at build-time by BuildKit, and become attached to the
 final image as metadata.

content/manuals/scout/policy/remediation.md

@@ -8,6 +8,8 @@ keywords: scout, supply chain, security, remediation, automation
 Remediation with Docker Scout is currently in [Beta](../../release-lifecycle.md#Beta).
 {{% /experimental %}}
 
+{{< youtube-embed 7PsZbAsPgsY >}}
+
 Docker Scout helps you remediate supply chain or security issues by providing
 recommendations based on policy evaluation results. Recommendations are
 suggested actions you can take that improve policy compliance, or that add