Sync from docker/docs@2a5041d by PCIT

.markdownlint.json

@@ -12,5 +12,6 @@
   "no-reversed-links": true,
   "reference-links-images": {
     "shortcut_syntax": true
-  }
+  },
+  "fenced-code-language": true
 }

content/billing/scout-billing.md

@@ -46,13 +46,37 @@ Once your purchase is complete, you receive a confirmation email and a copy of y
 
 ## Manage your subscription
 
-To access your subscription details, go to the **Billing** section for your personal account or organization that's subscribed. In the **Docker Scout Team** section, select **Change plan** to go to the billing details portal. In the billing details portal, you can find your renewal date, invoice history, or cancel your plan.
+To access your subscription details, go to the **Billing** section for your personal account or organization that's subscribed. In the **Docker Scout Team** section, select **Change plan** to go to the billing details portal. In the billing details portal, you can find your renewal date, invoice history, payment methods, or cancel your plan.
 
-Renewals charge to the original credit card used to buy Docker Scout Team.
+Renewals charge to the original credit card used to buy Docker Scout Team. You can manage your payment methods in the billing details portal.
 
 ### Update number of repositories for your subscription
 
-To add or remove the number of repositories associated with your subscription, [contact support](https://hub.docker.com/support/contact?topic=Billing&subtopic=Upgrade%20subscription&subject=I%20would%20like%20to%20change%20my%20Scout%20repository%20limit&description=to%20X%20repositories).
+You can add or remove the number of repositories associated with your subscription.
+
+To add repositories:
+
+1. In Docker Hub, select **Organizations**.
+2. Select the organization namespace.
+3. Select the **Billing** tab to find your active Docker Scout plan.
+4. Select **Add repositories**.
+5. Enter the number of repositories you want to add, then select **Purchase**.
+
+This purchase charges your default payment method.
+
+To remove repositories:
+
+1. In Docker Hub, select **Organizations**.
+2. Select the organization namespace.
+3. Select the **Billing** tab to find your active Docker Scout plan.
+4. Select **Remove repositories**.
+5. Enter the number of repositories you want to remove, then select **Remove**.
+
+The number of repositories updates on your next billing cycle.
+
+> **Note**
+>
+> You can't add repositories while repository removal is pending. You can add repositories again during the next billing cycle.
 
 ### Cancel your subscription
 

content/compose/release-notes.md

@@ -3314,23 +3314,24 @@ Thanks @ryanbrainard and @d11wtq!
    For example, if you have a `web` service which depends on a `db` service, `fig run web ...` will start the `db` service.
 
  - Environment variables can now be resolved from the environment that Fig is running in. Just specify it as a blank variable in your `fig.yml` and, if set, it'll be resolved:
-   ```
+
+   ```yaml
    environment:
      RACK_ENV: development
      SESSION_SECRET:
    ```
 
  - `volumes_from` is now supported in `fig.yml`. All of the volumes from the specified services and containers will be mounted:
 
-   ```
+   ```yaml
    volumes_from:
     - service_name
     - container_name
    ```
 
  - A host address can now be specified in `ports`:
 
-   ```
+   ```yaml
    ports:
     - "0.0.0.0:8000:8000"
     - "127.0.0.1:8001:8001"

content/desktop/hardened-desktop/settings-management/configure.md

@@ -22,7 +22,7 @@ Settings Management is designed specifically for organizations who don’t give
 You can either use the `--admin-settings` installer flag on [macOS](../../install/mac-install.md#install-from-the-command-line) or [Windows](../../install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location, or set it up manually.
 
 To set it up manually:
-1. Create a new, empty JSON file and name it `admin-settings`.
+1. Create a new, empty JSON file and name it `admin-settings.json`.
 2. Save the `admin-settings.json` file on your developers' machines in the following locations:
 
     - Mac: `/Library/Application\ Support/com.docker.docker/admin-settings.json`

content/docker-hub/download-rate-limit.md

@@ -41,7 +41,7 @@ manifest requests.
 
 When you issue a pull request and you are over the limit, Docker Hub returns a `429` response code with the following body when the manifest is requested:
 
-```
+```text
 You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limits
 ```
 
@@ -51,7 +51,7 @@ This error message appears in the Docker CLI or in the Docker Engine logs.
 
 Valid API requests to Hub usually include the following rate limit headers in the response:
 
-```
+```text
 ratelimit-limit    
 ratelimit-remaining
 docker-ratelimit-source

content/get-started/02_our_app.md

@@ -31,7 +31,7 @@ Before you can run the application, you need to get the application source code
 
 2. View the contents of the cloned repository. You should see the following files and sub-directories.
 
-   ```
+   ```text
    ├── getting-started-app/
    │ ├── package.json
    │ ├── README.md
@@ -185,4 +185,4 @@ Related information:
 
 Next, you're going to make a modification to your app and learn how to update your running application with a new image. Along the way, you'll learn a few other useful commands.
 
-{{< button text="Update the application" url="03_updating_app.md" >}}
+{{< button text="Update the application" url="03_updating_app.md" >}}

content/get-started/06_bind_mounts.md

@@ -122,7 +122,7 @@ setting, see the topic for [Mac](../desktop/settings/mac.md/#file-sharing),
 7. Open the `getting-started-app` directory on the host and observe that the
    `myfile.txt` file is in the directory.
 
-   ```
+   ```text
    ├── getting-started-app/
    │ ├── Dockerfile
    │ ├── myfile.txt

content/get-started/08_using_compose.md

@@ -18,16 +18,16 @@ on GitHub/GitLab doing exactly this now.
 
 In the `getting-started-app` directory, create a file named `compose.yaml`.
 
-   ```
-   ├── getting-started-app/
-   │ ├── Dockerfile
-   │ ├── compose.yaml
-   │ ├── node_modules/
-   │ ├── package.json
-   │ ├── spec/
-   │ ├── src/
-   │ └── yarn.lock
-   ```
+```text
+├── getting-started-app/
+│ ├── Dockerfile
+│ ├── compose.yaml
+│ ├── node_modules/
+│ ├── package.json
+│ ├── spec/
+│ ├── src/
+│ └── yarn.lock
+```
 
 ## Define the app service
 
@@ -286,4 +286,4 @@ Related information:
 
 Next, you'll learn about a few best practices you can use to improve your Dockerfile.
 
-{{< button text="Image-building best practices" url="09_image_best.md" >}}
+{{< button text="Image-building best practices" url="09_image_best.md" >}}

content/network/network-tutorial-standalone.md

@@ -604,7 +604,7 @@ connected to both networks.
 
 9.  Stop and remove all containers and the `alpine-net` network.
 
-    ```
+    ```console
     $ docker container stop alpine1 alpine2 alpine3 alpine4
 
     $ docker container rm alpine1 alpine2 alpine3 alpine4
@@ -620,4 +620,4 @@ you might want to run through these other networking tutorials:
 
 - [Host networking tutorial](network-tutorial-host.md)
 - [Overlay networking tutorial](network-tutorial-overlay.md)
-- [Macvlan networking tutorial](network-tutorial-macvlan.md)
+- [Macvlan networking tutorial](network-tutorial-macvlan.md)

content/scout/advisory-db-sources.md

@@ -76,7 +76,7 @@ This can return a lot of false positives which you need to triage.
 
 The typical structure of a CPE match looks like this:
 
-```
+```text
 cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>
 ```
 
@@ -93,7 +93,7 @@ identify the relevant packages with far less false positives.
 Continuing this example, a PURL can match the specific package name to a
 language and version.
 
-```
+```text
 pkg:npm/[email protected]
 ```
 

content/scout/policy/_index.md

@@ -52,12 +52,13 @@ open-source licenses.
 
 ## Default policies
 
-Docker Scout ships the following three out-of-the-box policies:
+Docker Scout ships the following out-of-the-box policies:
 
 - [Critical and high vulnerabilities with fixes](#critical-and-high-vulnerabilities-with-fixes)
 - [Critical vulnerabilities](#critical-vulnerabilities)
 - [Packages with AGPLv3, GPLv3 licenses](#packages-with-agplv3-gplv3-licenses)
 - [Base images not up-to-date](#base-images-not-up-to-date)
+- [High-profile vulnerabilities](#high-profile-vulnerabilities)
 
 These policies are turned on by default for Scout-enabled repositories. There's
 currently no way to turn off or configure these policies.
@@ -121,3 +122,16 @@ To make sure that Docker Scout always knows about your base image, you can
 attach [provenance attestations](../../build/attestations/slsa-provenance.md)
 at build-time. Docker Scout uses provenance attestations to find out the base
 image version.
+
+### High-profile vulnerabilities
+
+This policy requires that your artifacts don't contain vulnerabilities from
+Docker Scout’s curated list. This list is kept up-to-date with newly disclosed
+vulnerabilities that are widely recognized to be risky.
+
+The list includes the following vulnerabilities:
+
+- [CVE-2014-0160 (OpenSSL Heartbleed)](https://scout.docker.com/v/CVE-2014-0160)
+- [CVE-2021-44228 (Log4Shell)](https://scout.docker.com/v/CVE-2021-44228)
+- [CVE-2023-38545 (cURL SOCKS5 heap buffer overflow)](https://scout.docker.com/v/CVE-2023-38545)
+- [CVE-2023-44487 (HTTP/2 Rapid Reset)](https://scout.docker.com/v/CVE-2023-44487)

content/single-sign-on/users-faqs.md

@@ -81,8 +81,12 @@ We only support one email per user on the Docker platform.
 
 ### How can I remove invitees to the org who haven't signed in?
 
-They can go to the invitee list in the org view and remove them.
+You can go to the invitee list in the org view and remove them.
 
-### How's the flow for service account authentication different from a UI user account?
+### Is the flow for service account authentication different from a UI user account?
 
-It isn't; we don't differentiate the two in product.
+No, we don't differentiate the two in product.
+
+### Is user information visible in Docker Hub?
+
+All Docker accounts have a public profile associated with their namespace. If you don't want user information (for example, full name) to be visible, you can remove those attributes from your SSO and SCIM mappings. Alternatively, you can use a different identifier to replace a user's full name.