

@craig-osterhout craig-osterhout commented Jan 9, 2026

Description

Added topic about scanner integrations and moved conceptual info from how to scan to that topic.
Refreshed how to scan and VEX core concept topics.

Pending Wiz updates.

Related issues or tickets

ENGDOCS-3137

Reviews

  • Editorial review
  • Product review


netlify bot commented Jan 9, 2026

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 90349ae
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/69618edbf47ddc0008bcb64e
😎 Deploy Preview https://deploy-preview-23952--docsdocker.netlify.app

Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>

@Bkblodget Bkblodget left a comment


Made a few suggestions, overall looks great!

- Scanner flexibility: Switch between any VEX-enabled scanner (Docker Scout,
Trivy, Grype, etc.) without losing vulnerability context or rebuilding
exclusion lists.
- Consistent results: All VEX-enabled scanners interpret the same data the
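
Review bot: In the "Scanner flexibility" bullet, "any VEX-enabled scanner" followed by "etc." leaves the reader to work out which scanners qualify. Consider stating which VEX format the statements use so readers can confirm their scanner consumes it, and replacing the parenthetical with "such as Docker Scout, Trivy, or Grype".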


I would remove "all" here.

"VEX-enabled scanners interpret the same data...."

lists to replicate what VEX statements already document.
- Higher false positive rates: Expect to see more reported vulnerabilities
that don't represent real risks.
- Increased investigation time: Security teams spend time researching why
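
Review bot: In the "Higher false positive rates" bullet, "don't represent real risks" is vague next to the precise label. Consider saying what makes these findings false positives for the reader, for example "reported vulnerabilities that aren't exploitable", so the bullet matches the reasoning a VEX statement records.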


This may not be the right place, but when I read this bullet point, I was thinking we could add something like "security experts at Docker manage this investigation for you, and thoroughly vet each justification before adding it to a VEX statement."
