docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revising antiquated product references, deleting incorrect statements (#1152) 

https://github.com/docker/docs-private/issues/1151
* Docker Store references
* Incorrect DCI references
* Docker Enterprise Edition references
* Removing "Private repo" requirement which is _not actually true and has mislead / frustrated many partners_
* Removing SLA - This has never been enforced, to the extent that we don't even have Certification requirements around resolving the CVE's anymore!
* Deleted DCI reference, because it is wildly inaccurate :)
* Program Guide URL
* Listing fee is a lie.. we've kept that up for 3+ years, time to let it go!
* Removing old versioning which is irrelevant 2 years later..

Just a note... much of this look extremely redundant with the Publisher FAQ's. Also, there's no link to this page at all within the doc's tree. There's only a lone link to it at the end of another doc's section.. not sure if this page was intended to be shut down? If not, we ought to get it pulled back into the tree again.
This commit is contained in:
Brady Smith 2019-06-07 15:22:39 -07:00 committed by Maria Bermudez
parent 67b9804f69
commit 37b29f257b
1 changed files with 27 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
docker-hub/publish/publish.md
View File

@ -8,32 +8,28 @@ redirect_from:
## Permitted content and support options
* Content that runs on a Docker Enterprise Edition (Docker Certified
Infrastructure) may be published in the Store. This content may also qualify
to become a Docker Certified Container or Plugin image and be backed by
collaborative Docker/Publisher support
* Content that runs on Docker Enterprise may be published on Docker Hub under a Verified Publisher profile. This content may also qualify
to become a Docker Certified Container or Plugin image, and thus backed by
collaborative Docker/Publisher support.
* Content that runs on the Docker Community Edition may be published in the
Store, but is not supported by Docker nor is it eligible for certification.
* Content that runs on the Docker Community may be published in Docker Hub, but is not supported by Docker nor is it eligible to become Certified.
* Content that requires a non Certified Infrastructure environment may not be
published in the Store.
published.
| If your content: | Can publish on Store | Can be certified and supported by Docker | Supported by publisher |
| If your content: | Can publish | Can be Certified | Supported by publisher |
|:-----|:--------|:------|:-----|
| Works on Docker Enterprise Edition | YES | YES | Required |
| Works on Docker Community Edition | YES | NO | Optional |
| Works on Docker Enterprise | YES | YES | Required |
| Works on Docker Community | YES | NO | Optional |
| Does not work on Docker Certified Infrastructure | NO | N/A | N/A |
## Onboarding
The Docker Hub publishing process begins from the landing page: sign in with
your Docker ID and specify a product name and image source from a private
repository. Your product images must be stored in private repositories of Docker
Cloud and/or Hub as they serve as an internal staging area from which you can
revise and submit content for review.
your Docker ID and specify a product name and image source from a private or public
repository.
After specifying a source, provide the content-manifest items to populate your
product details page. These items include logos, descriptions, and licensing and
@ -127,7 +123,7 @@ of your product, keep your images up-to-date:
`apt-get install ...` pull the latest versions of dependencies, which may
include security fixes.
## Create and maintain your publisher profile in the Store
## Create and maintain your Verified Publisher profile
Let the Docker community know who you are. Add your details, your company
story, and what you do. At the very minimum, we require:
@ -136,12 +132,12 @@ story, and what you do. At the very minimum, we require:
* Company website
* Phone number
* Valid company email
* Company icon/logo (square; at least 512x512px
* Company icon/logo (square; at least 512x512px)
## Prepare your image-manifest materials
You must provide the namespace (including repository and tags) of a private
You must provide the namespace (including repository and tags) of a private or public
repository on Docker Hub that contains the source for your product.
This repository path is not shown to users, but the repositories you choose
determine the Product Tiers available for customers to download.
@ -160,18 +156,17 @@ discoverable:
9. Product tier description
10. Product tier price
11. Installation instructions
12. Link to license agreements
12. Link to, or text of, license agreements
### How the manifest information is displayed in the UI
This is an approximate representation. We frequently make enhancements to the
look and some elements might shift around.
This is an approximate representation, and some elements might shift around as we make enhancements.
![manifest information displayed on store UI](images/subscribed.png)
## Support your users
Docker users who download your content from the Store might need your help
Docker users who download your content might need help
later, so be prepared for questions! The information you provide with your
submission saves support time in the future.
@ -183,14 +178,13 @@ there self-help or troubleshooting resources available?
### Support SLA
Include a Service Level Agreement (SLA) for each image you're offering for the
Store. An SLA is your commitment to your users about the nature and level of
Include a Service Level Agreement (SLA) for each image you're offering. An SLA is your commitment to your users about the nature and level of
support you provide to them. Make sure your SLA includes support hours and
response-time expectations, where applicable.
## Security and audit policies
Docker Hub [scans](#docker-security-scanning) your official images for
Docker Hub [scans](#docker-security-scanning) your content for
vulnerabilities with the Docker Security Scanning tool, and
[audits](#usage-audit-and-reporting) consumer activity of your images to provide
you intelligence about the use of your product.
@ -285,15 +279,6 @@ To interpret the results of a scanned image:
National Vulnerability Database (NVD) provides CVSS scores for
almost all known vulnerabilities.
* Docker classifies the severity of issues per CVSS range, Docker classification,
and service level agreement (SLA) as follows.
| CVSS range | Docker classification | SLA for fixing issues |
|:-----|:--------|:------|
| 7.0 to 10.0 | Critical | Within 72 hours of notification |
| 4.0 to 6.9 | Major | Within 7 days of notification |
| 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. |
* In addition to CVSS, the Docker Security team can identify or classify
vulnerabilities that need to be fixed, and categorize them in the
minor-to-critical range.
@ -304,14 +289,6 @@ To interpret the results of a scanned image:
* If you use Dockers Scanning Service, you can subscribe to a notification
service for new vulnerabilities.
* Failure to meet above SLAs may cause the listing to be put on “hold”.
* A warning label shows up on the marketplace listing. An email is sent to the
users who have downloaded and subscribed for notifications.
* A Repos listing can stay in the "hold" state for a maximum of 1 month, after
which the listing is revoked.
### Usage audit and reporting
Unless otherwise negotiated, an audit of activity on publisher content is
@ -330,7 +307,7 @@ There are three types of certification that appear in Docker Hub.
![certified container badge](images/certified_container.png)
Certifies that a container image on Docker Hub has been tested; complies best
practices guidelines; runs on a Docker Certified Infrastructure; has proven
practices guidelines; runs on Docker Certified Infrastructure; has proven
provenance; been scanned for vulnerabilities; and is supported by Docker and the
content publisher
@ -341,12 +318,6 @@ access system level Docker APIs. Docker Certified Plugins provide the same level
of assurance as a Docker Certified Container, but go further by having passed an
additional suite of API compliance testing.
![certified plugins badge](images/certified_infrastructure.png)
Indicates that the release of the Docker Edition and the underlying platform
have been tested together and are supported in combination by both Docker and
the partner.
### Docker Certified Publisher FAQ
#### What is the Docker Certified program?
@ -354,16 +325,12 @@ the partner.
Docker Certified Container images and plugins are meant to differentiate high
quality content on Docker Hub. Customers can consume Certified Containers with
confidence knowing that both Docker and the publisher stands behind the
solution. Further details can be found in the
[Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}.
solution. Further details and an application can be [found here.](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" class="_"}.
#### What are the benefits of Docker Certified?
Docker Hub promotes Docker Certified Containers and Plugins running on Docker
Certified Infrastructure trusted and high quality content. With over 8B image
pulls and access to Dockers large customer base, a publisher can differentiate
their content by certifying their images and plugins. With a revenue share
agreement, Docker can be a channel for your content. The Docker Certified badge
Certified Infrastructure trusted and high quality content. The Docker Certified badge
can also be listed alongside external references to your product.
#### How is the Docker Certified Container image listed on Docker Hub?
@ -376,7 +343,7 @@ search parameters to show only certified content.
#### Is certification optional or required?
Certification is recommended for most commercial and supported container images.
Certification is recommended for all commercial and supported container images.
Free, community, and other commercial (non-certified) content may also be listed
on Docker Hub.
@ -384,10 +351,9 @@ on Docker Hub.
#### How is support handled?
All Docker Certified Container images and plugins running on Docker Certified
Infrastructure come with SLA based support provided by the publisher and Docker.
All Docker Certified Container images and plugins running on Docker Enterprise come with support provided directly by the publisher, under your existing SLA.
Normally, a customer contacts the publisher for container and application level
issues. Likewise, a customer contacts Docker for Docker Edition support. In the
issues. Likewise, a customer contacts Docker for Docker Enterprise support. In the
case where a customer calls Docker (or vice versa) about an issue on the
application, Docker advises the customer about the publisher support process and
performs a handover directly to the publisher if required. TSAnet is required
@ -396,42 +362,15 @@ for exchange of support tickets between the publisher and Docker.
#### How does a publisher apply to the Docker Certified program?
Start by applying to be a [Docker Technology
Partner](https://goto.docker.com/partners){: target="_blank" class="_"}
* Requires acceptance of partnership agreement for completion
* Identify commercial content that can be listed on Store and includes a support
offering
* Test your image against the Docker CS Engine 1.12+ or on a Docker Certified
Infrastructure version 17.03 and above (Plugins must run on 17.03 and above)
* Submit your image for Certification through the publisher portal. Docker
scans the image and works with you to address vulnerabilities. Docker also
conducts a best practices review of the image.
* Be a [TSAnet](https://www.tsanet.org/){: target="_blank" class="_"} member or
join the Docker Limited Group.
* Upon completion of Certification criteria, and acceptance by
Docker, the Publishers product page is updated to reflect Certified status.
#### Is there a fee to join the program?
In the future, Docker may charge a small annual listing fee. This is waived for
the initial period.
Partner](https://goto.docker.com/2019-Partner-Program-Technology.html){: target="_blank" class="_"}
#### What is the difference between Official Images and Docker Certified?
Many Official images transition to the Docker Certified program and are
maintained and updated by the original owner of the software. Docker
continues to maintain some of the base OS images and language frameworks.
Official Images is a program sponsored by Docker for the curation and packaging of Open Source Software. While upstream vendors are sometimes involved, this is not always the case. Docker Certified content is explicitly provided, maintained, and supported directly by the ISV.
#### How is certification of plugins handled?
Docker Certification program recognizes the need to apply special scrutiny and
testing to containers that access system level interfaces like storage volumes
and networking. Docker identifies these special containers as “Plugins” which
require additional testing by the publisher or Docker. These plugins employ the
V2 Plugin Architecture that was first made available in 1.12 (experimental) and
now available in Docker Enterprise Edition 17.03
require additional testing by the publisher or Docker.