From 7b9471d4b2dd3a34bf39a2766ec393eb2c4be40b Mon Sep 17 00:00:00 2001
From: Albert Tanure <tanure@live.com>
Date: Wed, 23 Apr 2025 23:28:06 +0200
Subject: [PATCH] Add: Add quickstart.md improvements (#22272)

## Description

I did some improvements to the quickstart.md file, adding images and
improve some descriptions to be albe to helo learners to find the
references mentioned in the file.

## Related issues or tickets

No related issues or ticket.

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

---------

Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>
---
 content/manuals/scout/quickstart.md | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/content/manuals/scout/quickstart.md b/content/manuals/scout/quickstart.md
index 86d58151ea..7a1da8ae02 100644
--- a/content/manuals/scout/quickstart.md
+++ b/content/manuals/scout/quickstart.md
@@ -84,10 +84,9 @@ Learn more about the `docker scout cves` command in the
 
 ## Step 4: Fix application vulnerabilities
 
-The fix suggested by Docker Scout is to update
-the underlying vulnerable express version to 4.17.3 or later.
+After the Docker Scout analysis, a high vulnerability CVE-2022-24999 was found, caused by an outdated version of the **express** package.
 
-1. Update the `package.json` file with the new package version.
+The version 4.17.3 of the express package fixes the vulnerability. Therefore, update the `package.json` file to the new version:
 
    ```diff
       "dependencies": {
@@ -95,15 +94,14 @@ the underlying vulnerable express version to 4.17.3 or later.
    +    "express": "4.17.3"
       }
    ```
-
-2. Rebuild the image with a new tag and push it to your Docker Hub repository:
+   
+Rebuild the image with a new tag and push it to your Docker Hub repository:
 
    ```console
    $ docker build --push -t <ORG_NAME>/scout-demo:v2 .
    ```
 
-Now, viewing the latest tag of the image in Docker Desktop, the Docker Scout
-Dashboard, or CLI, you can see that you have fixed the vulnerability.
+Run the `docker scout` command again and verify that HIGH CVE-2022-24999 is no longer present:
 
 ```console
 $ docker scout cves --only-package express
@@ -154,7 +152,7 @@ $ docker scout config organization <ORG_NAME>
 
 Now you can run the `quickview` command to get an overview
 of the compliance status for the image you just built.
-The image is evaluated against the default policy configurations.
+The image is evaluated against the default policy configurations. You'll see output similar to the following:
 
 ```console
 $ docker scout quickview
@@ -209,7 +207,7 @@ The classic image store doesn't support manifest lists,
 which is how the provenance attestations are attached to an image.
 
 Open **Settings** in Docker Desktop. Under the **General** section, make sure
-that the **Use containerd for pulling and storing images** option is checked.
+that the **Use containerd for pulling and storing images** option is checked, then select **Apply & Restart**.
 Note that changing image stores temporarily hides images and containers of the
 inactive image store until you switch back.
 
@@ -230,7 +228,9 @@ results through a different lens: the Docker Scout Dashboard.
 3. Select **Images** in the left-hand navigation.
 
 The images page lists your Scout-enabled repositories.
-Select the image in the list to open the **Image details** sidebar.
+
+Select the row for the image you want to view, anywhere in the row except on a link, to open the **Image details** sidebar.
+
 The sidebar shows a compliance overview for the last pushed tag of a repository.
 
 > [!NOTE]
@@ -239,13 +239,15 @@ The sidebar shows a compliance overview for the last pushed tag of a repository.
 > It might take a few minutes before the results appear if this is your
 > first time using the Docker Scout Dashboard.
 
-Inspect the **Up-to-Date Base Images** policy.
+Go back to the image list and select the image version, available in the **Most recent image** column.
+Then, at the top right of the page, select the **Update base image** button to inspect the policy.
+
 This policy checks whether base images you use are up-to-date.
 It currently has a non-compliant status,
 because the example image uses an old version `alpine` as a base image.
 
-Select the **View fix** button next to the policy name for details about the violation,
-and recommendations on how to address it.
+Close the **Recommended fixes for base image** modal. In the policy listing, select **View fixes** button, next to the policy name for details about the violation, and recommendations on how to address it.
+
 In this case, the recommended action is to enable
 [Docker Scout's GitHub integration](./integrations/source-code-management/github.md),
 which helps keep your base images up-to-date automatically.