From b87296f18b20614321ac41f9154a601be174d875 Mon Sep 17 00:00:00 2001 From: Ajeet Raina Date: Mon, 23 Feb 2026 18:23:17 +0530 Subject: [PATCH] address review feedback on DHI build update --- content/manuals/dhi/how-to/build.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/content/manuals/dhi/how-to/build.md b/content/manuals/dhi/how-to/build.md index b9ecceb815b7..0da8f5b6cee4 100644 --- a/content/manuals/dhi/how-to/build.md +++ b/content/manuals/dhi/how-to/build.md @@ -13,10 +13,23 @@ metadata. The DHI build system produces a signed image containing only the requi packages, with a Software Bill of Materials (SBOM) and SLSA Build Level 3 provenance. +This guide is for teams building private custom images and developers who want +to contribute new image definitions to the DHI catalog. + This page explains how to write a DHI definition file, build images locally, and use advanced patterns such as build stages, third-party repositories, file paths, and dev variants. +> [!NOTE] +> +> When you build your own hardened images using this guide, you benefit from +> SBOM generation, a declarative build approach, and security-focused tooling. +> However, self-built images don't carry the same guarantees as images pulled +> from the DHI catalog, such as Docker's continuous vulnerability remediation, +> full attestation chain, and SLSA Build Level 3 provenance from Docker's +> secure build service. + + > [!IMPORTANT] > > You must authenticate to the Docker Hardened Images registry (`dhi.io`) to @@ -785,12 +798,11 @@ Measure the security improvement against an equivalent non-hardened image: ```console $ docker scout compare my-image:latest \ - --to : \ + --to : \ --platform linux/amd64 ``` -Replace `` with the Docker Official Image or -community image you're comparing against. +Replace `` with the image you're replacing. ### Inspect with Docker Debug
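Review bot: In the first hunk of build.md (@@ -13,10 +13,23 @@), the new NOTE says self-built images don't carry "SLSA Build Level 3 provenance from Docker's secure build service", but the unchanged paragraph directly above it still says the DHI build system produces a signed image "with a Software Bill of Materials (SBOM) and SLSA Build Level 3 provenance". A reader building locally cannot tell from these two statements which guarantees their image actually has. Suggest either scoping the intro sentence to images built by Docker's service, or having the note state explicitly what a local build does and does not produce (signature, SBOM, provenance level). The hunk also adds two consecutive blank lines before `> [!IMPORTANT]`; one is enough.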
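Review bot: In the second hunk of build.md (@@ -785,12 +798,11 @@), the new sentence ending "with the image you're replacing" drops the guidance on what counts as a meaningful baseline and reads awkwardly after the leading "Replace". The section's own lead-in says the measurement is "against an equivalent non-hardened image", so the sentence could end "with the non-hardened image you're comparing against", which keeps that meaning without naming specific image sources. Since both the `--to` line and this sentence change, also confirm the placeholder is spelled identically in the command and in the sentence that explains it.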