Merge pull request #17145 from ChrisChinchilla/chrisward/progs-reorg

Reorganise trusted content pages
This commit is contained in:
Chris Chinchilla 2023-05-09 11:27:43 +02:00 committed by GitHub
commit 68968576df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 113 additions and 90 deletions

View File

@ -1832,6 +1832,14 @@ manuals:
title: Manage
- path: /docker-hub/official_images/
title: Docker Official images
- sectiontitle: Docker Verified Publisher
section:
- path: /docker-hub/publish/
title: Overview
- path: /docker-hub/publish/insights-analytics/
title: Insights and analytics
- path: /docker-hub/dsos-program/
title: Docker-Sponsored Open Source Program
- path: /docker-hub/download-rate-limit/
title: Download rate limit
- path: /docker-hub/webhooks/
@ -1858,14 +1866,6 @@ manuals:
title: Vulnerability scanning
- path: /docker-hub/image-management/
title: Advanced Image Management
- sectiontitle: Docker Verified Publisher
section:
- path: /docker-hub/publish/
title: Overview
- path: /docker-hub/publish/insights-analytics/
title: Insights and analytics
- path: /docker-hub/dsos-program/
title: Docker-Sponsored Open Source Program
- path: /docker-hub/oci-artifacts/
title: OCI artifacts
- path: /docker-hub/release-notes/

View File

@ -4,51 +4,67 @@ title: Docker-Sponsored Open Source Program
keywords: docker hub, hub, insights, analytics, open source, Docker sponsored, program
---
[Docker Sponsored Open Source images](https://hub.docker.com/search?q=&image_filter=open_source){:target="_blank" rel="noopener" class="_"} are published and maintained by open-source projects sponsored by Docker through the program.
Images that are part of this program have a special badge on Docker Hub making it easier for users to identify projects that Docker has verified as trusted, secure, and active open-source projects.
![Docker-Sponsored Open Source badge](images/sponsored-badge-iso.png)
## For content publishers
The Docker-Sponsored Open Source Program provides several features and benefits to non-commercial open source developers.
The program grants the following perks to eligible projects:
- Verified Docker-Sponsored Open Source badge
- Insights and analytics
- Vulnerability scanning
- Vulnerability analysis
- Removal of rate limiting for developers
- Improved discoverability on Docker Hub
These benefits are valid for one year and can be renewed if your project still meets the program requirements. Program members, and all users pulling public images from your project namespace get access to unlimited pulls and unlimited egress.
These benefits are valid for one year and publishers can renew annually if the project still meets the program requirements. Program members, and all users pulling public images from the project namespace get access to unlimited pulls and unlimited egress.
## Verified Docker-Sponsored Open Source badge
### Verified Docker-Sponsored Open Source badge
Docker verifies that developers can trust images with this badge as an active open source project.
Docker verifies that developers can trust images with this badge on Docker Hub as an active open source project.
![Fluent org with a Docker-Sponsored Open Source badge](images/sponsored-badge.png)
## Insights and analytics
### Insights and analytics
The [insights and analytics](/docker-hub/publish/insights-analytics){:
target="blank" rel="noopener" class=""} service provides usage metrics for how
the community uses your Docker images, and grants you insight into your user's
behavior.
the community uses Docker images, granting insight into user behavior.
The usage metrics show the number of image pulls by tag or by digest, and breakdowns by
geolocation, cloud provider, client, and more.
![The insights and analytics tab on the Docker Hub website](./publish/images/insights-and-analytics-tab.png)
Select the time span you want to view analytics data, and export the data in
either a summary or raw format. The summary format shows you image pulls per
tag, and the raw format lists information about every image pull for the
selected time span. Data points include tag, type of pull, user geolocation,
client tool (user agent), and more.
You can use the view to select the time span you want to view analytics data and export the data in
either a summary or raw format.
## Vulnerability scanning
### Vulnerability analysis
Automatic vulnerability scanning using [Docker Scout](/scout/) for images published to Docker Hub.
Scanning images ensures that the published content is secure, and underlines to
developers that they can trust it. You can enable scanning on a per-repository
[Docker Scout](/scout/){:
target="blank" rel="noopener" class=""} provides automatic vulnerability analysis
for DVP images published to Docker Hub.
Scanning images ensures that the published content is secure, and proves to
developers that they can trust the image.
Analysis is enabled on a per-repository
basis, refer to [vulnerability scanning](/docker-hub/vulnerability-scanning/){:
target="blank" rel="noopener" class=""} for more information about how to use
it.
## Who's eligible for the Docker-Sponsored Open Source program?
> **Note**
>
> Content publishers in the Docker-Sponsored Open Source Program receive 3 free
> Docker Team Seats
To qualify for the program, your project namespace must be shared in public repositories, meet [the Open Source Initiative definition](https://opensource.org/docs/osd), and be in active development with no pathway to commercialization.
### Who's eligible for the Docker-Sponsored Open Source program?
To qualify for the program, a publisher must share the project namespace in public repositories, meet [the Open Source Initiative definition](https://opensource.org/docs/osd), and be in active development with no pathway to commercialization.
Find out more by heading to the
[Docker-Sponsored Open Source Program](https://www.docker.com/community/open-source/application/#){:target="_blank"

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.6 KiB

View File

@ -35,15 +35,16 @@ Docker Hub is also where you can go to [change your Docker account settings and
* [Repositories](../docker-hub/repos/index.md): Push and pull container images.
* [Docker Official Images](official_images.md): Pull and use high-quality
container images provided by Docker.
* [Docker Verified Publisher Images](publish/index.md): Pull and use high-
quality container images provided by external vendors.
* [Docker-Sponsored Open Source Images](dsos-program.md): Pull and use high-
quality container images from non-commercial open source projects.
* [Docker Verified Publisher Images](publish/index.md): Pull and use high-quality
container images provided by external vendors.
* [Docker-Sponsored Open Source Images](dsos-program.md): Pull and use high-quality
container images from non-commercial open source projects.
* [Builds](builds/index.md): Automatically build container images from
GitHub and Bitbucket and push them to Docker Hub.
* [Webhooks](webhooks.md): Trigger actions after a successful push
to a repository to integrate Docker Hub with other services.
*[Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"} tool (currently experimental) and an API that allows you to interact with Docker Hub. Browse through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} documentation to explore the supported endpoints.
* [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"} tool (currently experimental) and an API that allows you to interact with Docker Hub.
* Browse through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} documentation to explore the supported endpoints.
</div>
<div id="features" class="tab-pane fade" markdown="1">

View File

@ -3,49 +3,27 @@ description: Guidelines for Official Images on Docker Hub
keywords: Docker, docker, registry, accounts, plans, Dockerfile, Docker Hub, docs, official,image, documentation
title: Docker Official Images
redirect_from:
- /docker-hub/official_repos/
- /docker-hub/official_repos/
---
The [Docker Official Images](https://hub.docker.com/search?q=&type=image&image_filter=official){:target="_blank" rel="noopener" class="_"} are a
curated set of Docker repositories hosted on Docker Hub. They are
designed to:
curated set of Docker repositories hosted on Docker Hub.
* Provide essential base OS repositories (for example,
[ubuntu](https://hub.docker.com/_/ubuntu/){:target="_blank" rel="noopener" class="_"},
[centos](https://hub.docker.com/_/centos/){:target="_blank" rel="noopener" class="_"}) that serve as the
starting point for the majority of users.
These images provide essential base repositories that serve as the starting point for the majority of users.
* Provide drop-in solutions for popular programming language runtimes, data
stores, and other services, similar to what a Platform as a Service (PAAS)
would offer.
These include operating systems such as [Ubuntu](https://hub.docker.com/_/ubuntu/){:target="_blank" rel="noopener" class="_"} and [Alpine](https://hub.docker.com/_/alpine/){:target="_blank" rel="noopener" class="_"}, programming languages such as [Python](https://hub.docker.com/_/python) and [Node](https://hub.docker.com/_/node), and other essential tools such as [Redis](https://hub.docker.com/_/redis) and [MySQL](https://hub.docker.com/_/mysql).
* Exemplify [`Dockerfile` best practices](/engine/userguide/eng-image/dockerfile_best-practices/)
and provide clear documentation to serve as a reference for other `Dockerfile`
authors.
The images are some of the most secure images on Docker Hub. This is particularly important as Docker Official Images are some of the most popular on Docker Hub. Typically Docker Official images have little or no vulnerabilities.
* Ensure that security updates are applied in a timely manner. This is
particularly important as Docker Official Images are some of the most
popular on Docker Hub.
The images exemplify [`Dockerfile` best practices](/engine/userguide/eng-image/dockerfile_best-practices/) and provide clear documentation to serve as a reference for other `Dockerfile` authors.
Docker, Inc. sponsors a dedicated team that is responsible for reviewing and
publishing all content in the Docker Official Images. This team works in
collaboration with upstream software maintainers, security experts, and the
broader Docker community.
Images that are part of this program have a special badge on Docker Hub making it easier for you to identify projects that are official Docker images.
While it is preferable to have upstream software authors maintaining their
corresponding Docker Official Images, this is not a strict requirement. Creating
and maintaining images for Docker Official Images is a collaborative process. It takes
place openly on GitHub where participation is encouraged. Anyone can provide
feedback, contribute code, suggest process changes, or even propose a new
Official Image.
> **Note**
>
> Docker Official Images are an intellectual property of Docker.
![Docker official image badge](./images/official-image-badge-iso.png)
## When to use Docker Official Images
If you are new to Docker, we recommend that you use the Docker Official Images in your
If you are new to Docker, it's recommend you use the Docker Official Images in your
projects. These images have clear documentation, promote best practices,
and are designed for the most common use cases. Advanced users can
review Docker Official Images as part of your `Dockerfile` learning process.
@ -57,14 +35,14 @@ optimized code. An advanced user could build a custom image with just the
necessary pre-compiled libraries to save space.
A number of language stacks such as
[python](https://hub.docker.com/_/python/) and
[ruby](https://hub.docker.com/_/ruby/) have `-slim` tag variants
[Python](https://hub.docker.com/_/python/) and
[Ruby](https://hub.docker.com/_/ruby/) have `-slim` tag variants
designed to fill the need for optimization. Even when these "slim" variants are
insufficient, it is still recommended to inherit from an Official Image
insufficient, it's still recommended to inherit from an Official Image
base OS image to leverage the ongoing maintenance work, rather than duplicating
these efforts.
## Submitting Feedback for Docker Official Images
## Submitting feedback for Docker Official Images
All Docker Official Images contain a **User Feedback** section in their
documentation which covers the details for that specific repository. In most
@ -72,23 +50,39 @@ cases, the GitHub repository which contains the Dockerfiles for an Official
Repository also has an active issue tracker. General feedback and support
questions should be directed to `#docker-library` on [Libera.Chat IRC](https://libera.chat).
## Creating a Docker Official Image
## For content publishers
Docker, Inc. sponsors a dedicated team that's responsible for reviewing and
publishing all content in Docker Official Images. This team works in
collaboration with upstream software maintainers, security experts, and the
broader Docker community.
While it's preferable to have upstream software authors maintaining their
Docker Official Images, this isn't a strict requirement. Creating
and maintaining images for Docker Official Images is a collaborative process. It takes
place openly on GitHub where participation is encouraged. Anyone can provide
feedback, contribute code, suggest process changes, or even propose a new
Official Image.
> **Note**
>
> Docker Official Images are an intellectual property of Docker.
### Creating a Docker Official Image
From a high level, an Official Image starts out as a proposal in the form
of a set of GitHub pull requests. Detailed and objective proposal
requirements are documented in the following GitHub repositories:
of a set of GitHub pull requests. The following GitHub repositories detail the proposal requirements:
* [docker-library/official-images](https://github.com/docker-library/official-images){:target="_blank" rel="noopener" class="_"}
* [docker-library/docs](https://github.com/docker-library/docs){:target="_blank" rel="noopener" class="_"}
- [docker-library/official-images](https://github.com/docker-library/official-images){:target="_blank" rel="noopener" class="_"}
- [docker-library/docs](https://github.com/docker-library/docs){:target="_blank" rel="noopener" class="_"}
The Docker Official Images team, with help from community contributors, formally
review each proposal and provide feedback to the author. This initial review
process may require a bit of back-and-forth before the proposal is accepted.
There are also subjective considerations during the review process. These
There are subjective considerations during the review process. These
subjective concerns boil down to the basic question: "is this image generally
useful?" For example, the [python](https://hub.docker.com/_/python/){:target="_blank" rel="noopener" class="_"}
useful?" For example, the [Python](https://hub.docker.com/_/python/){:target="_blank" rel="noopener" class="_"}
Docker Official Image is "generally useful" to the larger Python developer
community, whereas an obscure text adventure game written in Python last week is
not.

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.0 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 37 KiB

View File

@ -19,50 +19,62 @@ redirect_from:
- /docker-hub/publish/publisher-center-migration/
---
The Verified Publisher Program provides several features and benefits to Docker
[The Docker Verified Publisher Program](https://hub.docker.com/search?q=&image_filter=store){:target="_blank" rel="noopener" class="_"} provides high-quality images from commercial publishers verified by Docker.
These images help development teams build secure software supply chains, minimizing exposure to malicious content early in the process to save time and money later.
Images that are part of this program have a special badge on Docker Hub making it easier for users to identify projects that Docker has verified as high-quality commercial publishers.
![Docker-Sponsored Open Source badge](./images/verified-publisher-badge-iso.png)
## For content publishers
The Docker Verified Publisher Program (DVP) provides several features and benefits to Docker
Hub publishers. The program grants the following perks based on participation tier:
- Verified publisher badge
- Priority search ranking in Docker Hub
- Insights and analytics
- Vulnerability scanning
- Vulnerability analysis
- Additional Docker Business seats
- Removal of rate limiting for developers
- Co-marketing opportunities
## Verified publisher badge
### Verified publisher badge
The verified publisher badge signals high quality, and trust, to developers.
Images from publishers with this badge are verified as high quality, and that users can trust the content.
Images that are part of this program have a badge on Docker Hub making it easier for developers
to identify projects that Docker has verified as high quality publishers and with content they can trust.
![Docker, Inc. org with a verified publisher badge](./images/verified-publisher-badge.png)
## Insights and analytics
### Insights and analytics
The [insights and analytics](/docker-hub/publish/insights-analytics){:
target="blank" rel="noopener" class=""} service provides usage metrics for how
the community uses your Docker images, and grants you insight into your user's
behavior.
the community uses Docker images, granting insight into user behavior.
The usage metrics show the number of image pulls by tag or by digest, and breakdowns by
geolocation, cloud provider, client, and more.
![The insights and analytics tab on the Docker Hub website](./images/insights-and-analytics-tab.png)
You can use the view to select the time span you want to view analytics data and export the data in
either a summary or raw format.
The summary format shows image pulls per tag, and the raw format lists information about every image pull for the
selected time span. Data points include tag, type of pull, user geolocation, client tool (user agent), and more.
## Vulnerability scanning
### Vulnerability analysis
[Docker Scout](/scout/){:
target="blank" rel="noopener" class=""} provides automatic vulnerability scanning for DVP images published to Docker Hub.
target="blank" rel="noopener" class=""} provides automatic vulnerability analysis
for DVP images published to Docker Hub.
Scanning images ensures that the published content is secure, and proves to
developers that they can trust the image. You can enable scanning on a per-repository
developers that they can trust the image.
Analysis is enabled on a per-repository
basis, refer to [vulnerability scanning](/docker-hub/vulnerability-scanning/){:
target="blank" rel="noopener" class=""} for more information about how to use
it.
## Who's eligible to become a verified publisher?
### Who's eligible to become a verified publisher?
Any independent software vendor who distributes software on Docker Hub can join
the Verified Publisher Program. Find out more by heading to the