Updates to docs-success content merge (#5162)

* updates to docs-success content merge Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * topic heading levels Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-10-27 22:25:33 -07:00 · 2017-10-27 22:25:33 -07:00 · 8085d8dbcf
parent ae01237488
commit 8085d8dbcf
5 changed files with 158 additions and 521 deletions
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@ -2945,11 +2945,11 @@ manuals:
  - path: /docker-store/
    title: Docker Store overview
  - path: /docker-store/publish/
-    title: Submit a product to Docker Store
+    title: Publish content on Docker Store
-  - title: Docker Store Trust Chain
+  - path: /docker-store/trustchain/
-    path: /docker-store/trustchain/
+    title: Docker Store Trust Chain
  - path: /docker-store/faq/
-    title: Docker Store FAQs
+    title: Consumer FAQs
 - sectiontitle: Release notes
  section:
    - path: /release-notes/
--- a/docker-store/faq.md
+++ b/docker-store/faq.md
@ -1,7 +1,7 @@
 ---
 description: Docker Store frequently asked questions
 keywords: Docker, docker, store, purchase images
-title: Docker Store frequently asked questions (FAQ)
+title: Consumer FAQs
 ---
 ### How do I log in to the Docker Store?
--- a/docker-store/index.md
+++ b/docker-store/index.md
@ -67,379 +67,8 @@ Docker Hub either at their discretion or upon license acceptance, at the
 publisher’s discretion.  You agree that you will not charge customers for any
 Free Content by making it available for purchase outside of the Docker Store.
-## Publishing Content on the Docker Store
+## What's next?
-### Permitted Content and Support Options
+* To learn about submitting products and content to Docker Store, see the [publishers guide](publish.md).
-* Content that runs on a Docker Enterprise Edition (i.e. Docker Certified
+* To learn about using Docker Store to download content, see the [consumer FAQs](faq.md).
 Infrastructure) may be published in the Store.  This content may also qualify to
 become a Docker Certified Container or Plugin image and be backed by
 collaborative Docker/Publisher support
 * Content that runs on the Docker Community Edition may be published in  the
 Store, but will not be supported by Docker nor is it eligible for certification.
 * Content that requires a non Certified Infrastructure environment may not be
 published in the Store.
 | If your content: | Can publish on Store  | Can be certified and supported by Docker | Supported by publisher |
 |:-----|:--------|:------|:-----|
 | Works on Docker Edition  | YES | YES |  Required |                                                
 | Works on Docker Edition  | YES | NO  |  Optional |  
 | Does not work on Docker Certified Infrastructure | NO                       |   N/A       |    N/A     |
 ### Onboarding
 The publishing process for the Docker Store is straightforward, and can be
 initiated from the landing page.  You can sign in with your Docker ID, and
 specify a product name and image source from a private repository.  We require
 that your product images are stored in private repositories via Docker Cloud
 and/or Hub, as they serve as an internal staging area from which you can revise
 and submit content for review.
 Once you specify a private-repository source for your product, you can provide
 the content-manifest items to populate your product’s details page.  These items
 include logos, descriptions, and licensing and support links so that customers
 can make informed decisions about your image.  These items are submitted
 alongside the image itself for moderation.
 The Docker Store team then conducts a comprehensive review of your image and
 metadata.  We use Docker Security Scanning to evaluate your product images’
 security, and share results with you as the publisher.  During the
 image-moderation phase, we iterate back and forth with publishers to address
 outstanding vulnerabilities and content-manifest issues until the image is ready
 for publication.
 Commercial content and other supported images may qualify for the Docker
 Certified Container or Plugins quality mark.  The testing for this program goes
 beyond the vulnerability scan and also evaluates container images for Docker
 best practices developed over years of experience.  Collaborative support
 capability between Docker and the publisher is also established.  Please refer
 to the diagram below for a high-level summary:
 ![publishing workflow](images/publish-diagram.png)
 ### Create Great Content
 Create your content, and follow our best practices to Dockerize it.  Keep your
 images small, your layers few, and your components secure.  Please refer to the
 links and guidelines listed below to build and deliver great content:
 * [Best practices for writing Dockerfiles](/engine/userguide/eng-image/dockerfile_best-practices/)
 * [Official repositories on Docker Hub](/docker-hub/official_repos/)
 * [Docker Bench for Security](https://github.com/docker/docker-bench-security){: target="_blank"
 class="_"}
 Here are some best practices when it comes to building vulnerability-free Docker images:
 #### Choose a secure base image (See your Dockerfile's `FROM:` directive)
 Many base images have a strong record of being secure, including:
 * [Debian](https://hub.docker.com/r/library/debian/tags/jessie/){: target="_blank"
 class="_"} Linux: both small and tightly-controlled, Debian-linux is a good
 alternative if you're currently using Ubuntu.
 * [Alpine](https://hub.docker.com/_/alpine/){: target="_blank" class="_"} Linux: Alpine is a minimal linux distribution with an
 excellent security record.
 * Alpine-based application images: these include `python:alpine`, `ruby:alpine`,
 and `golang:alpine`. They are secure and minimal, while providing the
 convenience of their non-Alpine alternatives.
 Docker strongly recommends Alpine Linux. The founder of this Linux
 distribution is leading an initiative at Docker to provide safe, compact base
 images for all container applications.
 #### Remove unused components
 Often, vulnerabilities exist in components that aren't actually used in the
 containerized application.  To avoid this, you can:
 * Follow best practices when using the `apt-get` command.
 * Make sure to run `apt-get-remove` to destroy any components required to build but not actually run your application.  Usually, this involves creating multi-line Dockerfile directives, as seen below.  The following example shows how to remove `curl` and `python-pip` after they are used to install the Python `requests` package, all in a single Dockerfile directive:
 ```shell
 RUN apt-get update && \
         apt-get install -y --no-install-recommends curl python-pip && \
         pip install requests && \
         apt-get remove -y python-pip curl && \
         rm -rf /var/lib/apt/lists/
 ```
 > **Note**: Keep in mind, any file introduced in one directive of
 your Dockerfile can only be removed in the same directive (and not
 in subsequent directives in your Dockerfile).
 #### Keep required components up-to-date
 Your images are comprised of open-source libraries and packages that amass
 vulnerabilities over time and are consequently patched.  To optimize your
 product’s integrity, you must keep your images up-to-date:
 * Periodically update your base image's version, especially if you’re using a
 version deemed to be vulnerable.
 * Re-build your image periodically.  Directives including commands such as
 `apt-get install ...` pull the latest versions of dependencies, which may
 include security fixes.
 #### Scan your own private repositories
 Eliminating vulnerabilities is a trial-and-error process. To speed it up,
 consider using Docker Security Scanning on your own private Docker repositories
 in Docker Cloud and Docker Hub. This feature allows you to scan images you
 create on-demand, without relying on the scans provided by the Docker Publisher
 Program.
 ### Create and maintain your publisher profile in the Store
 Let the Docker community
 know who you are.  Add your details, your company story, and what you do.  At
 the very minimum, we require:
 * Legal entity name
 * Company website
 * Phone number
 * Valid company email
 * Company icon/logo (square; at least 512x512px
 ### Prepare your image-manifest materials
 You must provide the namespace (including repository and tags) of a private
 repository on Docker Cloud or Hub that contains the source for your product.
 This repository path will not be shown to users, but the repositories you choose
 determine the Product Tiers available for customers to download.
 The following content information helps us make your product look great and
 discoverable:
 1.  Product Name
 2.  Product icon/logo
 3.  Short description: a one-to-two-sentence summary; up to 140 characters
 4.  Category: Database, Networking, Business Software, etc. and any search tags
 5.  Long description: includes product details/pitch
 6.  Screenshot(s)
 7.  Support link
 8.  Product tier name
 9.  Product tier description
 10. Product tier price
 11. Installation instructions
 12. Link to license agreements
 ##### How the manifest information is displayed in the UI
 (Please note that this is an approximate representation. We frequently make enhancements to the look and some elements might shift around.)
 ![manifest information displayed on store UI](images/subscribed.png)
 ### Support your users
 Docker users who download your content from the Store might need your help
 later, so be prepared for questions!  The information you provide with your
 submission will save support time in the future.
 #### Support information
 If you provide support along with your content, include that information.  Is
 there a support website?  What email address can users contact for help?  Are
 there self-help or troubleshooting resources available?
 #### Support SLA
 Include a Service Level Agreement (SLA) for each image you're offering for the
 Store.  An SLA is your commitment to your users about the nature and level of
 support you provide to them. Make sure your SLA includes support hours and
 response-time expectations, where applicable.
 ## Security and Audit Policies
 ### Docker Security Scanning
 We use Docker Security Scanning to automatically and continuously assess your
 products’ integrity.  The tool deconstructs images, conducts a binary scan of
 the bits to identify the open-source components present in each image layer, and
 associates those components with known vulnerabilities and exposures.  We then
 share the scan results with you as the publisher, so that you can modify your
 images’ content accordingly.  Your scan results are private, and are never
 shared with end customers or other publishers.
 To interpret the results, refer to the
 [documentation](/docker-cloud/builds/image-scan.md).
 #### Classification of issues
 * All Scan results will include the CVE numbers and a CVSS (Common Vulnerability Scoring System) Score.
  * CVE Identifiers (also referred to by the community as "CVE names," "CVE
  numbers," "CVE entries," "CVE-IDs," and "CVEs") are unique identifiers for
  publicly-known, cyber-security vulnerabilities.
  * The Common Vulnerability Scoring System (CVSS) provides an open
    framework for communicating the characteristics and impacts of
    IT vulnerabilities.  Its quantitative model ensures repeatable,
    accurate measurement while enabling users to see the underlying
    vulnerability characteristics that were used to generate the scores.  
    As a result, CVSS is well-suited as a standard measurement system
    for industries, organizations, and governments that need accurate
    and consistent vulnerability-impact scores.  CVSS is commonly used
    to prioritize vulnerability-remediation activities, and calculate
    the severity of vulnerabilities discovered on systems. The
    National Vulnerability Database (NVD) provides CVSS scores for
    almost all known vulnerabilities.
  * Docker classifies the severity of issues per CVSS range, Docker classification, and service level agreement (SLA) as follows.
    | CVSS range | Docker classification | SLA for fixing issues |
    |:-----|:--------|:------|
    | 7.0 to 10.0  | Critical | Within 72 hours of notification |                                                
    | 4.0 to 6.9  | Major | Within 7 days of notification |  
    | 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. |
 * In addition to CVSS, the Docker Security team can identify or classify
 vulnerabilities that need to be fixed, and categorize them in the
 minor-to-critical range.
 * The publisher is presented with initial scan results, including all components
 with their CVEs and their CVSS scores.
 * If you use Docker’s Scanning Service, you can subscribe to a notification
 service for new vulnerabilities.
 * Failure to meet above SLAs may cause the listing is put on “hold”.  
 * A warning label shows up on the marketplace listing. An email is sent to the
 users who have downloaded and subscribed for notifications.
 * A Repo’s listing can stay in the "hold" state for a maximum of 1 month, after
 which the listing will be revoked.
 ##  Usage Audit and Reporting
 Unless otherwise negotiated, an audit of activity on publisher content will be
 retained for no less than 180 days.
 A monthly report of said activity will be provided to the publisher with the
 following data: (1) report of content download by free and paid customers by
 date and time; (2) report of purchase, cancellations, refunds, tax payments,
 where applicable, and subscription length for paid customers of the content; and
 (3) the consolidated amount to be received by the publisher.
 ### Certification
 There are three types of certification that appear in Docker Store.
 ![certified container badge](images/certified_container.png)
 Certifies that a container image on Docker Store has been tested; complies best
 practices guidelines; will run on a Docker Certified Infrastructure; has proven
 provenance; been scanned for vulnerabilities; and is supported by Docker and the
 content publisher
 ![certified plugins badge](images/certified_plugins.png)
 This certification is designed for volume, network, and other plugins that
 access system level Docker APIs. Docker Certified Plugins provide the same level
 of assurance as a Docker Certified Container, but go further by having passed an
 additional suite of API compliance testing.
 ![certified plugins badge](images/certified_infrastructure.png)
 Indicates that the release of the Docker Edition and the underlying platform
 have been tested together and are supported in combination by both Docker and
 the partner.
 ### Docker Certified Publisher FAQ
 #### What is the Docker Certified program?
 Docker Certified Container images and plugins are meant to differentiate high
 quality content on Docker Store. Customers can consume Certified Containers with
 confidence knowing that both Docker and the publisher will stand behind the
 solution.  Further details can be found in the [Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}.
 #### What are the benefits of Docker Certified?
 Docker Store will promote Docker Certified Containers and Plugins running on
 Docker Certified Infrastructure trusted and high quality content. With over 8B
 image pulls and access to Docker’s large customer base, a publisher can
 differentiate their content by certifying their images and plugins. With a
 revenue share agreement, Docker can be a channel for your content.   The Docker
 Certified badge can also be listed alongside external references to your
 product.
 #### How will the Docker Certified Container image be listed on Docker Store?
 These images are differentiated from other images on store through a
 certification badge. A user can search specifically for CI’s by limiting their
 search parameters to show only certified content.
 ![certified content example](images/FAQ-certified-content.png)
 #### Is certification optional or required to be listed on Store?
 Certification is recommended for most commercial and supported container images.
 Free, community, and other commercial (non-certified) content may also be listed
 on Docker Store.
 ![certified content example](images/FAQ-types-of-certified-content.png)
 #### How will support be handled?
 All Docker Certified Container images and plugins running on Docker Certified
 Infrastructure come with SLA based support provided by the publisher and Docker.
 Normally, a customer contacts the publisher for container and application level
 issues.   Likewise, a customer will contact Docker for Docker Edition support.
 In the case where a customer calls Docker (or vice versa) about an issue on the
 application, Docker will advise the customer about the publisher support process
 and will perform a handover directly to the publisher if required.  TSAnet is
 required for exchange of support tickets between the publisher and Docker.
 #### How does a publisher apply to the Docker Certified program?
 Start by applying to be a [Docker Technology
 Partner](https://goto.docker.com/partners){: target="_blank" class="_"}
 * Requires acceptance of partnership agreement for completion
 * Identify commercial content that can be listed on Store and includes a support
 offering
 * Test your image against the Docker CS Engine 1.12+ or on a Docker Certified
 Infrastructure version 17.03 and above  (Plugins must run on 17.03 and above)
 * Submit your image for Certification through the publisher portal. Docker will
 scan the image and work with you to address vulnerabilities.  Docker will also
 conduct a best practices review of the image.
 * Be a [TSAnet](https://www.tsanet.org/){: target="_blank" class="_"} member or
 join the Docker Limited Group.
 * Upon completion of Certification criteria, and acceptance by
 Docker, Publisher’s product page will be updated to reflect Certified status.
 #### Is there a fee to join the program?
 In the future, Docker may charge a small annual listing fee. This is waived for
 the initial period.
 #### What is the difference between Official Images and Docker Certified?
 Many Official images will transition to the Docker Certified program and will be
 maintained and updated by the original owner of the software. Docker will
 continue to maintain of some base OS images and language frameworks.  
 #### How will certification of plugins be handled?
 Docker Certification program recognizes the need to apply special scrutiny and
 testing to containers that access system level interfaces like storage volumes
 and networking.   Docker identifies these special containers as “Plugins” which
 require additional testing by the publisher or Docker.  These plugins employ the
 V2 Plugin Architecture that was first made available in 1.12 (experimental) and
 now available in Docker Enterprise Edition 17.03
--- a/docker-store/publish.md
+++ b/docker-store/publish.md
@ -1,19 +1,10 @@
 ---
 description: Submit a product for the Docker Store
 keywords: Docker, docker, store, purchase images
-title: Submit a product to Docker Store
+title: Publish content on Docker Store
 ---
-## Publishing Content on the Docker Store
+## Permitted Content and Support Options
 To submit an image to the Docker Store, you must first [apply to
 join](https://store.docker.com/publisher/signup) our publisher program. You'll
 receive a welcome email when you're accepted into the program.
 Once you've been accepted, click the link in your acceptance email, or go to the
 [Docker Store](https://store.docker.com) and click **Publish a Product**.
 ### Permitted Content and Support Options
 * Content that runs on a Docker Enterprise Edition (i.e. Docker Certified
 Infrastructure) may be published in the Store.  This content may also qualify to
@ -34,7 +25,7 @@ published in the Store.
 | Does not work on Docker Certified Infrastructure | NO                       |   N/A       |    N/A     |
-### Onboarding
+## Onboarding
 The publishing process for the Docker Store is straightforward, and can be
 initiated from the landing page.  You can sign in with your Docker ID, and
@ -65,7 +56,7 @@ to the diagram below for a high-level summary:
 ![publishing workflow](images/publish-diagram.png)
-### Create Great Content
+## Create Great Content
 Create your content, and follow our best practices to Dockerize it.  Keep your
 images small, your layers few, and your components secure.  Please refer to the
@ -80,7 +71,7 @@ class="_"}
 Here are some best practices when it comes to building vulnerability-free Docker images:
-#### Choose a secure base image (See your Dockerfile's `FROM:` directive)
+### Choose a secure base image (See your Dockerfile's `FROM:` directive)
 Many base images have a strong record of being secure, including:
@ -99,7 +90,7 @@ Docker strongly recommends Alpine Linux. The founder of this Linux
 distribution is leading an initiative at Docker to provide safe, compact base
 images for all container applications.
-#### Remove unused components
+### Remove unused components
 Often, vulnerabilities exist in components that aren't actually used in the
 containerized application.  To avoid this, you can:
@ -120,7 +111,7 @@ RUN apt-get update && \
 your Dockerfile can only be removed in the same directive (and not
 in subsequent directives in your Dockerfile).
-#### Keep required components up-to-date
+### Keep required components up-to-date
 Your images are comprised of open-source libraries and packages that amass
 vulnerabilities over time and are consequently patched.  To optimize your
@ -133,7 +124,7 @@ version deemed to be vulnerable.
 `apt-get install ...` pull the latest versions of dependencies, which may
 include security fixes.
-#### Scan your own private repositories
+### Scan your own private repositories
 Eliminating vulnerabilities is a trial-and-error process. To speed it up,
 consider using Docker Security Scanning on your own private Docker repositories
@ -141,7 +132,7 @@ in Docker Cloud and Docker Hub. This feature allows you to scan images you
 create on-demand, without relying on the scans provided by the Docker Publisher
 Program.
-### Create and maintain your publisher profile in the Store
+## Create and maintain your publisher profile in the Store
 Let the Docker community
 know who you are.  Add your details, your company story, and what you do.  At
@ -154,7 +145,7 @@ the very minimum, we require:
 * Company icon/logo (square; at least 512x512px
-### Prepare your image-manifest materials
+## Prepare your image-manifest materials
 You must provide the namespace (including repository and tags) of a private
 repository on Docker Cloud or Hub that contains the source for your product.
@ -177,200 +168,213 @@ discoverable:
 11. Installation instructions
 12. Link to license agreements
-##### How the manifest information is displayed in the UI
+#### How the manifest information is displayed in the UI
 (Please note that this is an approximate representation. We frequently make enhancements to the look and some elements might shift around.)
 ![manifest information displayed on store UI](images/subscribed.png)
-### Support your users
+## Support your users
 Docker users who download your content from the Store might need your help
 later, so be prepared for questions!  The information you provide with your
 submission will save support time in the future.
-#### Support information
+### Support information
 If you provide support along with your content, include that information.  Is
 there a support website?  What email address can users contact for help?  Are
 there self-help or troubleshooting resources available?
-#### Support SLA
+### Support SLA
 Include a Service Level Agreement (SLA) for each image you're offering for the
 Store.  An SLA is your commitment to your users about the nature and level of
 support you provide to them. Make sure your SLA includes support hours and
 response-time expectations, where applicable.
-## OLD STUFF
+## Security and Audit Policies
-## Before you begin
+### Docker Security Scanning
-Before you start, there are a few things you should know.
+We use Docker Security Scanning to automatically and continuously assess your
 products’ integrity.  The tool deconstructs images, conducts a binary scan of
 the bits to identify the open-source components present in each image layer, and
 associates those components with known vulnerabilities and exposures.  We then
 share the scan results with you as the publisher, so that you can modify your
 images’ content accordingly.  Your scan results are private, and are never
 shared with end customers or other publishers.
-**The Docker Store moderation process**
+To interpret the results, refer to the
 [documentation](/docker-cloud/builds/image-scan.md).
-The Docker Store team validates submitted products to ensure quality and
+#### Classification of issues
 security, and to make sure your product information is complete and helpful for
 potential customers.
-To do this, you'll provide your product binaries and some information about the
+* All Scan results will include the CVE numbers and a CVSS (Common Vulnerability Scoring System) Score.
 product (the "product manifest") which will be reviewed by a moderator. If
 changes are needed, the moderation team will notify you by email. At that point,
 you can make changes and resubmit the product.
-**Use private repositories**
+  * CVE Identifiers (also referred to by the community as "CVE names," "CVE
  numbers," "CVE entries," "CVE-IDs," and "CVEs") are unique identifiers for
  publicly-known, cyber-security vulnerabilities.
-The source for your product must be in a **private** repository in either Docker
+  * The Common Vulnerability Scoring System (CVSS) provides an open
-Cloud or Docker Hub. This allows us to provide feedback to help you produce
+    framework for communicating the characteristics and impacts of
-excellent products _before_ you make your items available to the public.
+    IT vulnerabilities.  Its quantitative model ensures repeatable,
    accurate measurement while enabling users to see the underlying
    vulnerability characteristics that were used to generate the scores.  
    As a result, CVSS is well-suited as a standard measurement system
    for industries, organizations, and governments that need accurate
    and consistent vulnerability-impact scores.  CVSS is commonly used
    to prioritize vulnerability-remediation activities, and calculate
    the severity of vulnerabilities discovered on systems. The
    National Vulnerability Database (NVD) provides CVSS scores for
    almost all known vulnerabilities.
-**Product tiers**
+  * Docker classifies the severity of issues per CVSS range, Docker classification, and service level agreement (SLA) as follows.
-You can create several different tiers for a single product. For example, you
+    | CVSS range | Docker classification | SLA for fixing issues |
-might have Free, Basic, and Enterprise versions of a single product, each with
+    |:-----|:--------|:------|
-their own features, support levels, and subscription pricing.
+    | 7.0 to 10.0  | Critical | Within 72 hours of notification |                                                
    | 4.0 to 6.9  | Major | Within 7 days of notification |  
    | 0.1 to 3.9 | Minor | No SLA. Best-effort to fix or address in documentation. |
-At minimum, each product tier must be represented by a unique tag within a
+* In addition to CVSS, the Docker Security team can identify or classify
-repository, however you can also select tags for each tier from several
+vulnerabilities that need to be fixed, and categorize them in the
-different repositories or namespaces.
+minor-to-critical range.
 * The publisher is presented with initial scan results, including all components
 with their CVEs and their CVSS scores.
-**Save and continue**
+* If you use Docker’s Scanning Service, you can subscribe to a notification
 service for new vulnerabilities.
-We'll ask for a lot of information to display on your product page, and we know
+* Failure to meet above SLAs may cause the listing is put on “hold”.  
 that you may not have all of it available right away. As you fill out your
 product information, you can always save your work and come back to work on it
 later, before you submit it.
-Spot a typo? You can always edit and resubmit your product information.
+* A warning label shows up on the marketplace listing. An email is sent to the
-Resubmitted product information goes through the same moderation process, but
+users who have downloaded and subscribed for notifications.
 small changes should take less time to validate.
-## Select repositories
+* A Repo’s listing can stay in the "hold" state for a maximum of 1 month, after
 which the listing will be revoked.
-Start with private repositories on Docker Cloud or Docker Hub.
+### Usage Audit and Reporting
-Select at least one repository by choosing a user or organization (the
+Unless otherwise negotiated, an audit of activity on publisher content will be
-namespace), then select a repository from that account, and then a tag.
+retained for no less than 180 days.
-Optionally, click **Add another repository** and repeat this process for any
+A monthly report of said activity will be provided to the publisher with the
-product tiers you plan to offer on the Docker Store. For example you might have
+following data: (1) report of content download by free and paid customers by
-a Free tier, a Basic tier, and an Enterprise tier, each represented by a
+date and time; (2) report of purchase, cancellations, refunds, tax payments,
-different namespace/repo/tag combination.
+where applicable, and subscription length for paid customers of the content; and
 (3) the consolidated amount to be received by the publisher.
 ### Certification
-Make sure you have read the required **Vendor agreement**, and check the box to
+There are three types of certification that appear in Docker Store.
 indicate your agreement.
-Click **Save and Continue**.
+![certified container badge](images/certified_container.png)
-## Add company information
+Certifies that a container image on Docker Store has been tested; complies best
 practices guidelines; will run on a Docker Certified Infrastructure; has proven
 provenance; been scanned for vulnerabilities; and is supported by Docker and the
 content publisher
-Fill out your Publisher Details. If you've already done this, for example if
+![certified plugins badge](images/certified_plugins.png)
 you've already submitted a product, skip to the next section.
-Your company name comes from the [initial sign up
+This certification is designed for volume, network, and other plugins that
-form](https://store.docker.com/publisher/signup) you filled out, however you can
+access system level Docker APIs. Docker Certified Plugins provide the same level
-change your details on this screen if needed.
+of assurance as a Docker Certified Container, but go further by having passed an
 additional suite of API compliance testing.
-Provide a URL to the logo that represents your company or organization. This
+![certified plugins badge](images/certified_infrastructure.png)
 logo must be at least 512x512 pixels.
-Provide the URL of your company website.
+Indicates that the release of the Docker Edition and the underlying platform
 have been tested together and are supported in combination by both Docker and
 the partner.
-## Add product information
+### Docker Certified Publisher FAQ
-Next, fill out the Product Details.
+#### What is the Docker Certified program?
-Provide a tagline: a short description of your product in 140 characters or
+Docker Certified Container images and plugins are meant to differentiate high
-less. This appears in Store search results along with the product icon, so make
+quality content on Docker Store. Customers can consume Certified Containers with
-it useful.
+confidence knowing that both Docker and the publisher will stand behind the
 solution.  Further details can be found in the [Docker Partner Program Guide](https://www.docker.com/partnerprogramguide){: target="_blank" class="_"}.
-Provide a URL to the image that will represent the overall product, again at
+#### What are the benefits of Docker Certified?
 least 512x512 pixels. Remember that in the Docker Store, this product icon
 displays for every product tier, so you may need to make it general.
-Select any categories that apply to your image. These categories help customers
+Docker Store will promote Docker Certified Containers and Plugins running on
-find your image when they search the Docker Store.
+Docker Certified Infrastructure trusted and high quality content. With over 8B
 image pulls and access to Docker’s large customer base, a publisher can
 differentiate their content by certifying their images and plugins. With a
 revenue share agreement, Docker can be a channel for your content.   The Docker
 Certified badge can also be listed alongside external references to your
 product.
-Add a longer product description. If the tagline is your elevator pitch to get
+#### How will the Docker Certified Container image be listed on Docker Store?
 the customer's attention, the long description is your chance to highlight what
 makes your software great. Don't neglect it.
-Provide the URL for the product's support pages. This can be as simple as a
+These images are differentiated from other images on store through a
-troubleshooting section in your product's README file, or a link to your
+certification badge. A user can search specifically for CI’s by limiting their
-company's Support site or knowledge base.
+search parameters to show only certified content.
-Finally, add some screenshots. These should be 1920x1200 pixels or larger, and
+![certified content example](images/FAQ-certified-content.png)
 should show your product in use.
-Click **Save and Continue** to save your changes and go on to the next screen.
+#### Is certification optional or required to be listed on Store?
-## Product tier offerings
+Certification is recommended for most commercial and supported container images.
 Free, community, and other commercial (non-certified) content may also be listed
 on Docker Store.
-For each repository you selected in the first step, you'll be prompted to create
+![certified content example](images/FAQ-types-of-certified-content.png)
 a Product Tier.
-**Default tiers**
+#### How will support be handled?
-The "Default" product tier is the one that is selected on your product's Docker
+All Docker Certified Container images and plugins running on Docker Certified
-Store listing page until the customer switches to another tier. You can use the
+Infrastructure come with SLA based support provided by the publisher and Docker.
-default option to highlight a specific product tier, or to help your customers
+Normally, a customer contacts the publisher for container and application level
-when you expect most of them will want a specific tier rather than another one.
+issues.   Likewise, a customer will contact Docker for Docker Edition support.
 In the case where a customer calls Docker (or vice versa) about an issue on the
 application, Docker will advise the customer about the publisher support process
 and will perform a handover directly to the publisher if required.  TSAnet is
 required for exchange of support tickets between the publisher and Docker.
-**One month trials**
+#### How does a publisher apply to the Docker Certified program?
-Docker Store allows you to offer a one-month free trial for any of your paid
+Start by applying to be a [Docker Technology
-subscription products. When you select this option, Docker Store begins the
+Partner](https://goto.docker.com/partners){: target="_blank" class="_"}
 subscription right away, but does not charge the user the monthly fee until the
 beginning of their second month. The user can cancel at any time during the
 first month trial period and not be charged.
-**Free product tiers**
+* Requires acceptance of partnership agreement for completion
-To create a free product tier, enter a monthly price of $0. Free subscriptions
+* Identify commercial content that can be listed on Store and includes a support
-are treated exactly the same as paid subscriptions, except they do not produce
+offering
 monthly charges or invoices.
-### Create product tiers
+* Test your image against the Docker CS Engine 1.12+ or on a Docker Certified
 Infrastructure version 17.03 and above  (Plugins must run on 17.03 and above)
-For each binary you selected in step one, you'll see a section for product tier
+* Submit your image for Certification through the publisher portal. Docker will
-information. Choose one tier to make the Default tier. Then fill out the
+scan the image and work with you to address vulnerabilities.  Docker will also
-information for each individual tier.
+conduct a best practices review of the image.
-For each tier, add a tier name and monthly subscription price. For example, you
+* Be a [TSAnet](https://www.tsanet.org/){: target="_blank" class="_"} member or
-might have a tier called "Free" for $0, and a tier called and "Enterprise" for
+join the Docker Limited Group.
 $10 per month. Optionally, you can choose to offer a free one-month trial.
-Select the source repository for each tier.
+* Upon completion of Certification criteria, and acceptance by
 Docker, Publisher’s product page will be updated to reflect Certified status.
-> **Note**: At this time, you can only select one source for each pricing tier. Support for bundled products is coming at a later date.
+#### Is there a fee to join the program?
-For each tier, enter a description. This description tells the customer what's
+In the future, Docker may charge a small annual listing fee. This is waived for
-included or different about this product tier.
+the initial period.
-Paste the link to your software's license agreement in the next field. This
+#### What is the difference between Official Images and Docker Certified?
 allows the customer to read and review your license agreement before purchasing.
-Finally, provide installation instructions for this product tier.
+Many Official images will transition to the Docker Certified program and will be
 maintained and updated by the original owner of the software. Docker will
 continue to maintain of some base OS images and language frameworks.  
-Repeat this process for each tier.
+#### How will certification of plugins be handled?
-## What's next?
+Docker Certification program recognizes the need to apply special scrutiny and
-
+testing to containers that access system level interfaces like storage volumes
-When you submitted the repository information for your product in the first
+and networking.   Docker identifies these special containers as “Plugins” which
-step, we began the Docker Security Scan process. You'll receive notification of
+require additional testing by the publisher or Docker.  These plugins employ the
-your scan results in a few days. During that time, we'll also review the product
+V2 Plugin Architecture that was first made available in 1.12 (experimental) and
-information you submitted to make sure it meets our quality guidelines. If any
+now available in Docker Enterprise Edition 17.03
 changes are needed, or if security vulnerabilities are discovered, you'll get an
 email explaining what needs to be changed.
 When your product's image is secure and the product information meets our
 quality guidelines, you'll receive an email notification that the product is
 ready to publish to the Docker Store.
 Once you receive this email you can go to the Docker Store and click **Publish**
 to make your product available.
 > **Tip**: Docker does not automatically make the approved product available. This means you can time the product's release on the Docker Store with announcements or marketing activity.
--- a/docker-store/trustchain.md
+++ b/docker-store/trustchain.md
@ -57,3 +57,7 @@ image certification and publishing process as outlined below:
    ```
 ![Store Trust Chain signing process](images/image_0.png)
 To learn more the trust chain and certification for publishing content, see
 [Security and Audit Policies](publish.md#security-and-audit-policies) in the
 publishers guide.