From 13980d45cb5f5d74eda2a0ddce8e39caa305b5b0 Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Wed, 8 Nov 2023 18:38:50 +0100
Subject: [PATCH] build: clarify default image store limitation

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
 content/build/attestations/_index.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/content/build/attestations/_index.md b/content/build/attestations/_index.md
index b8c4bed0ae..b2ed9e6939 100644
--- a/content/build/attestations/_index.md
+++ b/content/build/attestations/_index.md
@@ -47,6 +47,19 @@ You can opt in to add either the SBOM or provenance attestation type, or both.
 $ docker buildx build --sbom=true --provenance=true .
 ```
 
+> **Note**
+>
+> The default image store doesn't support attestations. If you're using the
+> default image store and you build an image using the default `docker` driver,
+> or using a different driver with the `--load` flag, the attestations are
+> lost.
+>
+> To make sure the attestations are preserved, you can:
+>
+> - Use a `docker-container` driver with the `--push` flag to push the image to
+>   a registry directly.
+> - Enable the [containerd image store](../../desktop/containerd/_index.md).
+
 > **Note**
 >
 > Provenance attestations are enabled by default, with the `mode=min` option.