diff --git a/.markdownlint.json b/.markdownlint.json index d4f79bb5d..e4df3c8ee 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -12,5 +12,6 @@ "no-reversed-links": true, "reference-links-images": { "shortcut_syntax": true - } + }, + "fenced-code-language": true } diff --git a/content/billing/scout-billing.md b/content/billing/scout-billing.md index 0752399a7..e115289ea 100644 --- a/content/billing/scout-billing.md +++ b/content/billing/scout-billing.md @@ -46,13 +46,37 @@ Once your purchase is complete, you receive a confirmation email and a copy of y ## Manage your subscription -To access your subscription details, go to the **Billing** section for your personal account or organization that's subscribed. In the **Docker Scout Team** section, select **Change plan** to go to the billing details portal. In the billing details portal, you can find your renewal date, invoice history, or cancel your plan. +To access your subscription details, go to the **Billing** section for your personal account or organization that's subscribed. In the **Docker Scout Team** section, select **Change plan** to go to the billing details portal. In the billing details portal, you can find your renewal date, invoice history, payment methods, or cancel your plan. -Renewals charge to the original credit card used to buy Docker Scout Team. +Renewals charge to the original credit card used to buy Docker Scout Team. You can manage your payment methods in the billing details portal. ### Update number of repositories for your subscription -To add or remove the number of repositories associated with your subscription, [contact support](https://hub.docker.com/support/contact?topic=Billing&subtopic=Upgrade%20subscription&subject=I%20would%20like%20to%20change%20my%20Scout%20repository%20limit&description=to%20X%20repositories). +You can add or remove the number of repositories associated with your subscription. + +To add repositories: + +1. In Docker Hub, select **Organizations**. +2. Select the organization namespace. +3. Select the **Billing** tab to find your active Docker Scout plan. +4. Select **Add repositories**. +5. Enter the number of repositories you want to add, then select **Purchase**. + +This purchase charges your default payment method. + +To remove repositories: + +1. In Docker Hub, select **Organizations**. +2. Select the organization namespace. +3. Select the **Billing** tab to find your active Docker Scout plan. +4. Select **Remove repositories**. +5. Enter the number of repositories you want to remove, then select **Remove**. + +The number of repositories updates on your next billing cycle. + +> **Note** +> +> You can't add repositories while repository removal is pending. You can add repositories again during the next billing cycle. ### Cancel your subscription diff --git a/content/compose/release-notes.md b/content/compose/release-notes.md index aaa1b9174..317f44647 100644 --- a/content/compose/release-notes.md +++ b/content/compose/release-notes.md @@ -3314,7 +3314,8 @@ Thanks @ryanbrainard and @d11wtq! For example, if you have a `web` service which depends on a `db` service, `fig run web ...` will start the `db` service. - Environment variables can now be resolved from the environment that Fig is running in. Just specify it as a blank variable in your `fig.yml` and, if set, it'll be resolved: - ``` + + ```yaml environment: RACK_ENV: development SESSION_SECRET: @@ -3322,7 +3323,7 @@ Thanks @ryanbrainard and @d11wtq! - `volumes_from` is now supported in `fig.yml`. All of the volumes from the specified services and containers will be mounted: - ``` + ```yaml volumes_from: - service_name - container_name @@ -3330,7 +3331,7 @@ Thanks @ryanbrainard and @d11wtq! - A host address can now be specified in `ports`: - ``` + ```yaml ports: - "0.0.0.0:8000:8000" - "127.0.0.1:8001:8001" diff --git a/content/desktop/hardened-desktop/settings-management/configure.md b/content/desktop/hardened-desktop/settings-management/configure.md index 901c8ffc4..f6225371f 100644 --- a/content/desktop/hardened-desktop/settings-management/configure.md +++ b/content/desktop/hardened-desktop/settings-management/configure.md @@ -22,7 +22,7 @@ Settings Management is designed specifically for organizations who don’t give You can either use the `--admin-settings` installer flag on [macOS](../../install/mac-install.md#install-from-the-command-line) or [Windows](../../install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location, or set it up manually. To set it up manually: -1. Create a new, empty JSON file and name it `admin-settings`. +1. Create a new, empty JSON file and name it `admin-settings.json`. 2. Save the `admin-settings.json` file on your developers' machines in the following locations: - Mac: `/Library/Application\ Support/com.docker.docker/admin-settings.json` diff --git a/content/docker-hub/download-rate-limit.md b/content/docker-hub/download-rate-limit.md index abfe59397..7b4e49feb 100644 --- a/content/docker-hub/download-rate-limit.md +++ b/content/docker-hub/download-rate-limit.md @@ -41,7 +41,7 @@ manifest requests. When you issue a pull request and you are over the limit, Docker Hub returns a `429` response code with the following body when the manifest is requested: -``` +```text You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limits ``` @@ -51,7 +51,7 @@ This error message appears in the Docker CLI or in the Docker Engine logs. Valid API requests to Hub usually include the following rate limit headers in the response: -``` +```text ratelimit-limit ratelimit-remaining docker-ratelimit-source diff --git a/content/get-started/02_our_app.md b/content/get-started/02_our_app.md index 69532b437..39b9f3864 100644 --- a/content/get-started/02_our_app.md +++ b/content/get-started/02_our_app.md @@ -31,7 +31,7 @@ Before you can run the application, you need to get the application source code 2. View the contents of the cloned repository. You should see the following files and sub-directories. - ``` + ```text ├── getting-started-app/ │ ├── package.json │ ├── README.md @@ -185,4 +185,4 @@ Related information: Next, you're going to make a modification to your app and learn how to update your running application with a new image. Along the way, you'll learn a few other useful commands. -{{< button text="Update the application" url="03_updating_app.md" >}} \ No newline at end of file +{{< button text="Update the application" url="03_updating_app.md" >}} diff --git a/content/get-started/06_bind_mounts.md b/content/get-started/06_bind_mounts.md index 64355e719..66f0d8741 100644 --- a/content/get-started/06_bind_mounts.md +++ b/content/get-started/06_bind_mounts.md @@ -122,7 +122,7 @@ setting, see the topic for [Mac](../desktop/settings/mac.md/#file-sharing), 7. Open the `getting-started-app` directory on the host and observe that the `myfile.txt` file is in the directory. - ``` + ```text ├── getting-started-app/ │ ├── Dockerfile │ ├── myfile.txt diff --git a/content/get-started/08_using_compose.md b/content/get-started/08_using_compose.md index 3581c0258..058b7770f 100644 --- a/content/get-started/08_using_compose.md +++ b/content/get-started/08_using_compose.md @@ -18,16 +18,16 @@ on GitHub/GitLab doing exactly this now. In the `getting-started-app` directory, create a file named `compose.yaml`. - ``` - ├── getting-started-app/ - │ ├── Dockerfile - │ ├── compose.yaml - │ ├── node_modules/ - │ ├── package.json - │ ├── spec/ - │ ├── src/ - │ └── yarn.lock - ``` +```text +├── getting-started-app/ +│ ├── Dockerfile +│ ├── compose.yaml +│ ├── node_modules/ +│ ├── package.json +│ ├── spec/ +│ ├── src/ +│ └── yarn.lock +``` ## Define the app service @@ -286,4 +286,4 @@ Related information: Next, you'll learn about a few best practices you can use to improve your Dockerfile. -{{< button text="Image-building best practices" url="09_image_best.md" >}} \ No newline at end of file +{{< button text="Image-building best practices" url="09_image_best.md" >}} diff --git a/content/network/network-tutorial-standalone.md b/content/network/network-tutorial-standalone.md index 1b4f4dc45..80d63f0f0 100644 --- a/content/network/network-tutorial-standalone.md +++ b/content/network/network-tutorial-standalone.md @@ -604,7 +604,7 @@ connected to both networks. 9. Stop and remove all containers and the `alpine-net` network. - ``` + ```console $ docker container stop alpine1 alpine2 alpine3 alpine4 $ docker container rm alpine1 alpine2 alpine3 alpine4 @@ -620,4 +620,4 @@ you might want to run through these other networking tutorials: - [Host networking tutorial](network-tutorial-host.md) - [Overlay networking tutorial](network-tutorial-overlay.md) -- [Macvlan networking tutorial](network-tutorial-macvlan.md) \ No newline at end of file +- [Macvlan networking tutorial](network-tutorial-macvlan.md) diff --git a/content/scout/advisory-db-sources.md b/content/scout/advisory-db-sources.md index db70cdb5e..7b2532947 100644 --- a/content/scout/advisory-db-sources.md +++ b/content/scout/advisory-db-sources.md @@ -76,7 +76,7 @@ This can return a lot of false positives which you need to triage. The typical structure of a CPE match looks like this: -``` +```text cpe:::::::::::: ``` @@ -93,7 +93,7 @@ identify the relevant packages with far less false positives. Continuing this example, a PURL can match the specific package name to a language and version. -``` +```text pkg:npm/calendar@12.0.2 ``` diff --git a/content/scout/policy/_index.md b/content/scout/policy/_index.md index 7f8a7c9f2..7a4d8e351 100644 --- a/content/scout/policy/_index.md +++ b/content/scout/policy/_index.md @@ -52,12 +52,13 @@ open-source licenses. ## Default policies -Docker Scout ships the following three out-of-the-box policies: +Docker Scout ships the following out-of-the-box policies: - [Critical and high vulnerabilities with fixes](#critical-and-high-vulnerabilities-with-fixes) - [Critical vulnerabilities](#critical-vulnerabilities) - [Packages with AGPLv3, GPLv3 licenses](#packages-with-agplv3-gplv3-licenses) - [Base images not up-to-date](#base-images-not-up-to-date) +- [High-profile vulnerabilities](#high-profile-vulnerabilities) These policies are turned on by default for Scout-enabled repositories. There's currently no way to turn off or configure these policies. @@ -121,3 +122,16 @@ To make sure that Docker Scout always knows about your base image, you can attach [provenance attestations](../../build/attestations/slsa-provenance.md) at build-time. Docker Scout uses provenance attestations to find out the base image version. + +### High-profile vulnerabilities + +This policy requires that your artifacts don't contain vulnerabilities from +Docker Scout’s curated list. This list is kept up-to-date with newly disclosed +vulnerabilities that are widely recognized to be risky. + +The list includes the following vulnerabilities: + +- [CVE-2014-0160 (OpenSSL Heartbleed)](https://scout.docker.com/v/CVE-2014-0160) +- [CVE-2021-44228 (Log4Shell)](https://scout.docker.com/v/CVE-2021-44228) +- [CVE-2023-38545 (cURL SOCKS5 heap buffer overflow)](https://scout.docker.com/v/CVE-2023-38545) +- [CVE-2023-44487 (HTTP/2 Rapid Reset)](https://scout.docker.com/v/CVE-2023-44487) diff --git a/content/single-sign-on/users-faqs.md b/content/single-sign-on/users-faqs.md index 6dded76dd..784253fc5 100644 --- a/content/single-sign-on/users-faqs.md +++ b/content/single-sign-on/users-faqs.md @@ -81,8 +81,12 @@ We only support one email per user on the Docker platform. ### How can I remove invitees to the org who haven't signed in? -They can go to the invitee list in the org view and remove them. +You can go to the invitee list in the org view and remove them. -### How's the flow for service account authentication different from a UI user account? +### Is the flow for service account authentication different from a UI user account? -It isn't; we don't differentiate the two in product. \ No newline at end of file +No, we don't differentiate the two in product. + +### Is user information visible in Docker Hub? + +All Docker accounts have a public profile associated with their namespace. If you don't want user information (for example, full name) to be visible, you can remove those attributes from your SSO and SCIM mappings. Alternatively, you can use a different identifier to replace a user's full name.