Merge pull request #21406 from docker/published-update

aevesdocker · web-flow · commit e17e68b843bf · 2024-11-13T08:52:51.000Z
publish updates from main
diff --git a/_vale/Docker/Acronyms.yml b/_vale/Docker/Acronyms.yml
@@ -60,6 +60,7 @@ exceptions:
   - LTS
   - MAC
   - MDM
+  - MDN
   - NAT
   - NET
   - NFS
@@ -90,6 +91,7 @@ exceptions:
   - SDK
   - SLES
   - SLSA
+  - SOCKS
   - SPDX
   - SQL
   - SSD
diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt
@@ -108,6 +108,7 @@ Zsh
 [Mm]oby
 [Oo]nboarding
 [Pp]aravirtualization
+[Pp]roxied
 [Pp]roxying
 [Rr]eal-time
 [Rr]untimes?
@@ -156,5 +157,6 @@ tmpfs
 ufw
 umask
 ungated
+untrusted
 vSphere
 vpnkit
diff --git a/content/manuals/build/building/best-practices.md b/content/manuals/build/building/best-practices.md
@@ -319,7 +319,7 @@ backslashes to make your Dockerfile more readable, understandable, and
 maintainable.
 
 For example, you can chain commands with the `&&` operator, and use
-use escape characters to break long commands into multiple lines.
+escape characters to break long commands into multiple lines.
 
 ```dockerfile
 RUN apt-get update && apt-get install -y \
diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/known-issues.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/known-issues.md
@@ -4,6 +4,8 @@ keywords: mac, troubleshooting, known issues, Docker Desktop
 title: Known issues
 tags: [ Troubleshooting ]
 weight: 30
+aliases:
+ - /desktop/troubleshoot/known-issues/
 ---
 
 {{< tabs >}}
diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md
@@ -6,6 +6,8 @@ linkTitle: Common topics
 toc_max: 4
 tags: [ Troubleshooting ]
 weight: 10 
+aliases:
+ - /desktop/troubleshoot/topics/
 ---
 
 > [!TIP]
diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/workarounds.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/workarounds.md
@@ -4,6 +4,8 @@ keywords: linux, mac, windows, troubleshooting, workarounds, Docker Desktop
 title: Workarounds for common problems
 tags: [ Troubleshooting ]
 weight: 20
+aliases:
+ - /desktop/troubleshoot/workarounds/
 ---
 
 ### Reboot
diff --git a/content/manuals/docker-hub/_index.md b/content/manuals/docker-hub/_index.md
@@ -1,59 +1,50 @@
 ---
-description: Find a comprehensive overview of Docker Hub, including its features, administrative settings, how to get started quickly, and more
-keywords: Docker, docker, docker hub, hub, repositories, docker account
-title: Overview of Docker Hub
+description: Get an overview on Docker Hub to find and share container images
+keywords: docker hub, hub, repositories
+title: Docker Hub
 linkTitle: Docker Hub
 weight: 100
 grid:
 - title: Quickstart
   description: Step-by-step instructions on getting started on Docker Hub.
   icon: explore
   link: /docker-hub/quickstart
-- title: Create a repository
+- title: Repositories
   description: Create a repository to share your images with your team, customers,
     or the Docker community.
   icon: inbox
   link: /docker-hub/repos
-- title: Manage repository access
-  description: Manage access to push and pull to your repository and assign permissions.
-  icon: key
-  link: /docker-hub/repos/access
-- title: Automated builds
-  description: Learn how you can automatically build images from source code to push to your repositories.
-  icon: build
-  link: /docker-hub/builds/how-builds-work
+- title: Organizations
+  description: Learn about organization administration.
+  icon: store
+  link: /admin/
+- title: Usage
+  description: Explore usage limits and how to better utilize Docker Hub.
+  icon: leaderboard
+  link: /docker-hub/download-rate-limit/
 - title: Release notes
   description: Find out about new features, improvements, and bug fixes.
   icon: note_add
   link: /docker-hub/release-notes
 ---
 
-Docker Hub is a service provided by Docker for finding and sharing container images.
+Docker Hub simplifies development with the world's largest container registry
+for storing, managing, and sharing Docker images. By integrating seamlessly with
+your tools, it enhances productivity and ensures reliable deployment,
+distribution, and access to containerized applications. It also provides
+developers with pre-built images and assets to speed up development workflows.
 
-It's the world’s largest repository of container images with an array of content sources including container community developers, open source projects, and independent software vendors (ISV) building and distributing their code in containers.
+Key features of Docker Hub:
 
-Docker Hub is also where you can go to [carry out administrative tasks for organizations](/admin/). If you have a Docker Team or Business subscription, you can also carry out administrative tasks in the [Docker Admin Console](https://admin.docker.com).
+* Unlimited public repositories
+* Private repositories
+* Webhooks to automate workflows
+* GitHub and Bitbucket integrations
+* Concurrent and automated builds
+* Trusted content featuring high-quality, secure images
 
-{{< tabs >}}
-{{< tab name="What key features are included in Docker Hub?" >}}
-* [Repositories](../docker-hub/repos/_index.md): Push and pull container images.
-* [Builds](builds/_index.md): Automatically build container images from
-GitHub and Bitbucket and push them to Docker Hub.
-* [Webhooks](webhooks.md): Trigger actions after a successful push
-  to a repository to integrate Docker Hub with other services.
-* [Docker Hub CLI](https://github.com/docker/hub-tool#readme) tool (currently experimental) and an API that allows you to interact with Docker Hub.
-  * Browse through the [Docker Hub API](/reference/api/hub/latest/) documentation to explore the supported endpoints.
-{{< /tab >}}
-{{< tab name="What administrative tasks can I perform in Docker Hub?" >}}
-* [Create and manage teams and organizations](orgs.md)
-* [Create a company](../admin/company/new-company.md)
-* [Enforce sign in](../security/for-admins/enforce-sign-in/_index.md)
-* Set up [SSO](../security/for-admins/single-sign-on/_index.md) and [SCIM](../security/for-admins/provisioning/scim.md)
-* Use [Group mapping](group-mapping.md)
-* [Carry out domain audits](domain-audit.md)
-* [Use Image Access Management](/manuals/security/for-admins/hardened-desktop/image-access-management.md) to control developers' access to certain types of images
-* [Turn on Registry Access Management](/manuals/security/for-admins/hardened-desktop/registry-access-management.md)
-{{< /tab >}}
-{{< /tabs >}}
+In addition to the graphical interface, you can interact with Docker Hub using
+the [Docker Hub API](../../reference/api/hub/latest.md) or experimental [Docker
+Hub CLI tool](https://github.com/docker/hub-tool#readme).
 
-{{< grid >}}
+{{< grid >}}
diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md
@@ -15,6 +15,18 @@ known issues for each Docker Hub release.
 
 Take a look at the [Docker Public Roadmap](https://github.com/orgs/docker/projects/51/views/1?filterQuery=) to see what's coming next.
 
+## 2024-11-11
+
+### New
+
+- [Personal access tokens](/security/for-developers/access-tokens/) (PATs) now support expiration dates.
+
+## 2024-10-15
+
+### New
+
+- Beta: You can now create [organization access tokens](/security/for-admins/access-tokens/) (OATs) to enhance security for organizations and streamline access management for organizations.
+
 ## 2024-03-23
 
 ### New
diff --git a/content/manuals/scout/how-tos/artifact-types.md b/content/manuals/scout/how-tos/artifact-types.md
@@ -56,7 +56,7 @@ You can use prefixes with the following commands:
 This section contains a few examples showing how you can use prefixes
 to specify artifacts for `docker scout` commands.
 
-## Analyze a local project
+### Analyze a local project
 
 The `fs://` prefix lets you analyze local source code directly,
 without having to build it into a container image.
@@ -112,7 +112,7 @@ pkg:npm/fastify@3.29.0
   CRITICAL  0
 ```
 
-## Compare a local project to an image
+### Compare a local project to an image
 
 With `docker scout compare`, you can compare the analysis of source code on
 your local filesystem with the analysis of a container image.
diff --git a/content/manuals/security/for-admins/hardened-desktop/_index.md b/content/manuals/security/for-admins/hardened-desktop/_index.md
@@ -37,9 +37,9 @@ weight: 60
 
 Hardened Docker Desktop is a group of security features, designed to improve the security of developer environments with minimal impact on developer experience or productivity.
 
-It lets administrators enforce strict security settings, preventing developers and their containers from bypassing these controls, either intentionally or unintentionally. Additionally, you can enhance container isolation, to mitigate potential security threats such as malicious payloads breaching the Docker Desktop Linux VM and the underlying host.
+It lets you enforce strict security settings, preventing developers and their containers from bypassing these controls, either intentionally or unintentionally. Additionally, you can enhance container isolation, to mitigate potential security threats such as malicious payloads breaching the Docker Desktop Linux VM and the underlying host.
 
-Hardened Docker Desktop moves the ownership boundary for Docker Desktop configuration to the organization, meaning that any security controls administrators set cannot be altered by the user of Docker Desktop. 
+Hardened Docker Desktop moves the ownership boundary for Docker Desktop configuration to the organization, meaning that any security controls you set cannot be altered by the user of Docker Desktop. 
 
 It is for security conscious organizations who:
 - Don’t give their users root or administrator access on their machines
@@ -50,8 +50,8 @@ It is for security conscious organizations who:
 
 Hardened Desktop features work independently but collectively to create a defense-in-depth strategy, safeguarding developer workstations against potential attacks across various functional layers, such as configuring Docker Desktop, pulling container images, and running container images. This multi-layered defense approach ensures comprehensive security. It helps mitigate against threats such as:
 
- - Malware and supply chain attacks: Registry Access Management and Image Access Management prevent developers from accessing certain container registries and image types, significantly lowering the risk of malicious payloads. Additionally, ECI restricts the impact of containers with malicious payloads by running them without root privileges inside a Linux user namespace.
- - Lateral movement: Air-Gapped Containers lets administrators configure network access restrictions for containers, thereby preventing malicious containers from performing lateral movement within the organization's network.
- - Insider threats: Settings Management configures and locks various Docker Desktop settings so administrators can enforce company policies and prevent developers from introducing insecure configurations, intentionally or unintentionally.
+ - Malware and supply chain attacks: Registry Access Management and Image Access Management prevent developers from accessing certain container registries and image types, significantly lowering the risk of malicious payloads. Additionally, Enhanced Container Isolation (ECI) restricts the impact of containers with malicious payloads by running them without root privileges inside a Linux user namespace.
+ - Lateral movement: Air-gapped containers lets you configure network access restrictions for containers, thereby preventing malicious containers from performing lateral movement within the organization's network.
+ - Insider threats: Settings Management configures and locks various Docker Desktop settings so you can enforce company policies and prevent developers from introducing insecure configurations, intentionally or unintentionally.
 
 {{< grid >}}
diff --git a/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md b/content/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md
@@ -9,11 +9,11 @@ aliases:
 
 {{< introduced desktop 4.29.0 "/manuals/desktop/release-notes.md#4290" >}}
 
-Air-Gapped Containers allows administrators to restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from.
+Air-gapped containers let you restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from.
 
 Docker Desktop can apply a custom set of proxy rules to network traffic from containers. The proxy can be configured to:
 
-- Allow network connections
+- Accept network connections
 - Reject network connections
 - Tunnel through an HTTP or SOCKS proxy
 
@@ -79,7 +79,7 @@ The `FindProxyForURL` can return the following values:
 
 - `PROXY host_or_ip:port`: Tunnels this request through the HTTP proxy `host_or_ip:port`
 - `SOCKS5 host_or_ip:port`: Tunnels this request through the SOCKS proxy `host_or_ip:port`
-- `DIRECT`: Allows this request to go direct, without a proxy
+- `DIRECT`: Lets this request go direct, without a proxy
 - `PROXY reject.docker.internal:any_port`: Rejects this request
 
 In this particular example, HTTP and HTTPS requests for `internal.corp` are sent via the HTTP proxy `10.0.0.1:3128`. Requests to connect to IPs on the subnet `192.168.0.0/24` connect directly. All other requests are blocked.
diff --git a/content/manuals/security/for-admins/hardened-desktop/image-access-management.md b/content/manuals/security/for-admins/hardened-desktop/image-access-management.md
@@ -14,20 +14,15 @@ weight: 40
 >
 > Image Access Management is available to [Docker Business](/manuals/subscription/core-subscription/details.md#docker-business) customers only.
 
-Image Access Management gives administrators control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, their developers can pull from Docker Hub.
+Image Access Management gives you control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, your developers can pull from Docker Hub.
 
 For example, a developer, who is part of an organization, building a new containerized application could accidentally use an untrusted, community image as a component of their application. This image could be malicious and pose a security risk to the company. Using Image Access Management, the organization owner can ensure that the developer can only access trusted content like Docker Official Images, Docker Verified Publisher Images, or the organization’s own images, preventing such a risk.
 
 ## Prerequisites
 
-You need to [enforce sign-in](../enforce-sign-in/_index.md). For Image Access
-Management to take effect, Docker Desktop users must authenticate to your
-organization. Enforcing sign-in ensures that your Docker Desktop developers
-always authenticate to your organization, even though they can authenticate
-without it and the feature will take effect. Enforcing sign-in guarantees the
-feature always takes effect.
+You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since Image Access Management requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
 
-## Configure Image Access Management permissions
+## Configure
 
 {{< tabs >}}
 {{< tab name="Docker Hub" >}}
diff --git a/data/redirects.yml b/data/redirects.yml
@@ -98,7 +98,7 @@
   - /go/storage-driver/
 "/docker-hub/vulnerability-scanning/":
   - /go/tip-scanning/
-"/desktop/windows/features/wsl/":
+"/desktop/features/wsl/":
   # Link used by Docker Desktop to refer users on how to activate WSL 2
   - /go/wsl2/
 "/reference/api/hub/latest/":
diff --git a/layouts/shortcodes/admin-image-access.html b/layouts/shortcodes/admin-image-access.html
@@ -10,12 +10,12 @@
 2. {{ $iam_navigation }}
 3. Enable Image Access Management to set the permissions for the following categories of images you can manage:
 
-  - **Organization images**: Images from your organization are always allowed by default. These images can be public or private created by members within your organization.
+  - **Organization Images**: Images from your organization are always allowed by default. These images can be public or private created by members within your organization.
   - **Docker Official Images**: A curated set of Docker repositories hosted on Hub. They provide OS repositories, best practices for Dockerfiles, drop-in solutions, and applies security updates on time.
   - **Docker Verified Publisher Images**: Images published by Docker partners that are part of the Verified Publisher program and are qualified to be included in the developer secure supply chain.
-  - **Community images**: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images.
+  - **Community Images**: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images.
 
-  > **Note**
+  > [!NOTE]
   >
   > Image Access Management is turned off by default. However, owners in your organization have access to all images regardless of the settings.
 

-Original file line number
+Diff line change
   - LTS
   - MAC
   - MDM
 +  - MDN
   - NAT
   - NET
   - NFS
   - SDK
   - SLES
   - SLSA
 +  - SOCKS
   - SPDX
   - SQL
   - SSD