Merge pull request #18436 from dvdksn/scout-advisory-streams

scout: advisory stream updates

.github/vale/Vocab/Technology/accept.txt

@@ -117,6 +117,7 @@ macvlan
 mfsymlinks
 minikube
 musl
+npm
 osquery
 osxfs
 paravirtualization

content/scout/advisory-db-sources.md

@@ -21,9 +21,10 @@ advisory database and CVE-to-package matching service works.
 Docker Scout creates and maintains its vulnerability database by ingesting and
 collating vulnerability data from multiple sources continuously. These
 sources include many recognizable package repositories and trusted security
-trackers, such as:
+trackers, including:
 
 - [Alpine secdb](https://secdb.alpinelinux.org/)
+- [AlmaLinux Security Advisory](https://errata.almalinux.org/)
 - [Amazon Linux Security Center](https://alas.aws.amazon.com/)
 - [CISA Known Exploited Vulnerability
   Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
@@ -39,29 +40,30 @@ trackers, such as:
 - [Python Packaging Advisory
   Database](https://github.com/pypa/advisory-database)
 - [RedHat Security Data](https://www.redhat.com/security/data/metrics/)
+- [Rocky Linux Security Advisory](https://errata.rockylinux.org/)
 - [RustSec Advisory Database](https://github.com/rustsec/advisory-db)
 - [SUSE Security CVRF](http://ftp.suse.com/pub/projects/security/cvrf/)
 - [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/)
 - [Wolfi Security Feed](https://packages.wolfi.dev/os/security.json)
 - [Chainguard Security Feed](https://packages.cgr.dev/chainguard/security.json)
 
-Docker Scout correlates this data by making a full inventory of a container
+Docker Scout correlates the vulnerability data from these advisories with the
-image and storing that inventory in a [software bill of materials
+Software Bill of Materials (SBOM) of container images to detect what
-(SBOM)](https://ntia.gov/sites/default/files/publications/sbom_at_a_glance_apr2021_0.pdf).
+vulnerabilities affect an image. The SBOM summarizes the contents of an image,
+and Docker Scout stores the SBOM in its database.
 
-The SBOM summarizes the contents of the image and how the contents got there
+When there is information about a new vulnerability, Docker Scout correlates
-meaning that when there is information about a new vulnerability, Docker Scout
+the vulnerable package with the SBOMs in the database to identify affected
-correlates it with the SBOM. If Docker Scout finds a match for a vulnerability,
+images.
-it can identify the artifact that’s now vulnerable, why, and where it’s in use.
 
-When a customer enrolls with Docker Scout, the organization receives their own
+When you enable Docker Scout for your organization, you receive your own
-instance of the database. This database tracks timestamped metadata about your
+instance of the database. The database tracks timestamped metadata about your
 images that Docker Scout can then match to CVEs. Find more details on how this
 works in the [image analysis page](./image-analysis.md).
 
-Docker Scout is ideal for analyzing images in Docker Desktop and Docker Hub, but
+Docker Scout image analysis integrates seamlessly with Docker Desktop and
-the flexibility of the approach also means it can integrate with other systems,
+Docker Hub, and you can also enable integrations with other systems, see
-see [Integrating Docker Scout with other systems](./integrations/index.md).
+[Integrating Docker Scout with other systems](./integrations/index.md).
 
 ## How Docker Scout makes more precise matches
 
@@ -77,7 +79,7 @@ cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<langua
 ```
 
 For example `cpe:*:*:*:calendar:*:*:*:*:*:*:*` returns a match on anything with
-the product name “calendar”. If there is a vulnerability present in an NPM
+the product name “calendar”. If there is a vulnerability present in an npm
 package, this CPE match would also return packages and modules for all other
 languages too.