Merge pull request #22978 from aevesdocker/ENGDOCS-2674

aevesdocker · web-flow · commit aff805d34d78 · 2025-07-02T09:16:50.000+01:00
build: seo updates
diff --git a/content/manuals/build/metadata/attestations/sbom.md b/content/manuals/build/metadata/attestations/sbom.md
@@ -2,30 +2,22 @@
 title: SBOM attestations
 keywords: build, attestations, sbom, spdx, metadata, packages
 description: |
-  SBOM build attestations describe the contents of your image,
-  and the packages used to build it.
+  SBOM attestations describe what software artifacts an image contains and the artifacts used to create the image.
 aliases:
   - /build/attestations/sbom/
 ---
 
-Software Bill of Materials (SBOM) attestations describe what software artifacts
-an image contains, and artifacts used to create the image. Metadata included in
-an SBOM for describing software artifacts may include:
+SBOM attestations help ensure [software supply chain transparency](/guides/docker-scout/s3c.md) by verifying the software artifacts an image contains and the artifacts used to create the image. Metadata included in an [SBOM](/guides/docker-scout/sbom.md) for describing software artifacts may include:
 
 - Name of the artifact
 - Version
 - License type
 - Authors
 - Unique package identifier
 
-There are benefits to indexing contents of an image during the build, as opposed
-to scanning a final image. When scanning happens as part of the build, you're
-able to detect software you use to build the image, that may not show up in the
-final image.
+Indexing the contents of an image during the build has benefits over scanning a final image. When scanning happens as part of the build, you can detect software you used to build the image, which may not show up in the final image.
 
-The SBOMs generated by BuildKit follow the SPDX standard. SBOMs attach to the
-final image as a JSON-encoded SPDX document, using the format defined by the
-[in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md).
+Docker supports SBOM generation and attestation through an SLSA-compliant build process using BuildKit and attestations. The SBOMs generated by [BuildKit](/manuals/build/buildkit/_index.md) follow the SPDX standard and attach to the final image as a JSON-encoded SPDX document, using the format defined by the [in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md). On this page, you’ll learn how to create, manage, and verify SBOM attestations using Docker tooling.
 
 ## Create SBOM attestations
 
