From 18aa50a82c1db9fcd561b5fec87e7dd0327b3d3b Mon Sep 17 00:00:00 2001 From: Felipe Cruz Martinez <15997951+felipecruz91@users.noreply.github.com> Date: Tue, 16 Jan 2024 14:25:25 +0100 Subject: [PATCH] Explain explicit property in default non-root user policy (#19108) * Explain explicit property in default non-root user policy * Apply suggestions from code review Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --------- Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/scout/policy/_index.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/content/scout/policy/_index.md b/content/scout/policy/_index.md index 66c1780c0d..84a38b2d72 100644 --- a/content/scout/policy/_index.md +++ b/content/scout/policy/_index.md @@ -229,6 +229,25 @@ default `root` user. To comply with this policy, images must specify a non-root user in the image configuration. Images violate this policy if they don't specify a non-root default user for the runtime stage. +For non-compliant images, evaluation results show whether or not the `root` +user was set explicitly for the image. This helps you distinguish between +policy violations caused by images where the `root` user is implicit, and +images where `root` is set on purpose. + +The following Dockerfile runs as `root` by default despite not being explicitly set: +```Dockerfile +FROM alpine +RUN echo "Hi" +``` + +Whereas in the following case, the `root` user is explicitly set: + +```Dockerfile +FROM alpine +USER root +RUN echo "Hi" +``` + > **Note** > > This policy only checks for the default user of the image, as set in the
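Review bot: in the hunk, the lead-in "The following Dockerfile runs as `root` by default despite not being explicitly set:" runs directly into its ```Dockerfile fence with no blank line, whereas the second example ("Whereas in the following case, the `root` user is explicitly set:") has one; add the blank line before the first fence so both examples render consistently in Markdown. The wording "despite not being explicitly set" also leaves the subject implicit; "even though no `USER` instruction is present" would make clear that it is the missing `USER` line, not the user name, that is the point. Since the paragraph above says this distinction is reported only for non-compliant images, a closing sentence after the second example noting that both Dockerfiles violate the policy and differ only in how the `root` user is reported (implicit vs. explicit) would prevent readers from taking the explicit `USER root` as compliant.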