docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Engdocs 1272 (#16953) 

* ENGDOCS-1272

* style guide alignment

* fix broken links
This commit is contained in:
Allie Sadler 2023-03-24 08:15:40 +00:00 committed by GitHub
parent 25bc00d694
commit a64a01acff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 50 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
docker-hub/audit-log.md
View File

@ -4,30 +4,33 @@ keywords: Team, organization, activity, log, audit, activities
title: Audit logs
---
{% include upgrade-cta.html
body="Audit logs are available for users subscribed to a Docker Team or a Business subscription. Upgrade now to start tracking events across your organization."
header-text="This feature requires a paid Docker subscription"
target-url="https://www.docker.com/pricing?utm_source=docker&utm_medium=webreferral&utm_campaign=docs_driven_upgrade_audit_log"
%}
> **Note**
>
> Audit logs requires a [Docker Team, or Business subscription](../subscription/index.md).
Audit logs display a chronological list of activities that occur at organization and repository levels. It provides owners of Docker Team accounts a report of all their team member activities. This allows the team owners to view and track what changes were made, the date when a change was made, and who initiated the change. For example, the audit logs display activities such as the date when a repository was created or deleted, the team member who created the repository, the name of the repository, and when there was a change to the privacy settings.
Audit logs display a chronological list of activities that occur at organization and repository levels. It provides a report to owners of Docker Team on all their team member activities.
With audit logs, team owners can view and track:
- What changes were made
- The date when a change was made
- Who initiated the change
For example, Audit logs display activities such as the date when a repository was created or deleted, the team member who created the repository, the name of the repository, and when there was a change to the privacy settings.
Team owners can also see the audit logs for their repository if the repository is part of the organization subscribed to a Docker Team plan.
Audit logs began tracking activities from the date the feature went live, that is from 25 January 2021. Activities that took place before this date are not captured.
## View the audit logs
To view the audit logs:
1. Sign into an owner account for the organization in Docker Hub.
2. Select your organization from the list and then click on the **Activity** tab.
![Organization activity tab](images/org-activity-tab.png){:width="700px"}
The audit logs begin tracking activities from the date the feature is live, that is from **25 January 2021**. Activities that took place before this date are not captured.
1. Sign in to Docker Hub.
2. Select your organization from the list and then select the **Activity** tab.
> **Note**
>
> Docker will retain the activity data for a period of three months.
> Docker retains the activity data for a period of three months.
## Customize the audit logs
@ -39,10 +42,9 @@ By default, all activities that occur at organization and repository levels are
>
> Activities created by the Docker Support team as part of resolving customer issues appear in the audit logs as **dockersupport**.
Click the **All Activities** drop-down list to view activities that are specific to an organization or a repository. After choosing **Organization** or **Repository**, you can further refine the results using the **All Actions** drop-down list. If you select the **Activities** tab from the **Repository** view, you can only filter repository-level activities.
![Refine organization activities](images/org-all-actions.png){:width="600px"}
Select the **All Activities** dropdown to view activities that are specific to an organization, repository, or billing. If you select the **Activities** tab from the **Repository** view, you can only filter repository-level activities.
After choosing **Organization**, **Repository**, or **Billing**, you can further refine the results using the **All Actions** dropdown.
## Audit logs event definitions

45
docker-hub/download-rate-limit.md
View File

@ -6,12 +6,15 @@ title: Download rate limit
## What's the download rate limit on Docker Hub
Docker Hub limits the number of Docker image downloads ("pulls")
based on the account type of the user pulling the image. Pull rates limits are based on individual IP address. For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address. For [authenticated](#how-do-i-authenticate-pull-requests) users, it's 200 pulls per 6 hour period. Users with a paid [Docker subscription](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} get up to 5000 pulls per day. If you require a higher number of pulls, you can also purchase an [Enhanced Service Account add-on](service-accounts.md#enhanced-service-account-add-on-pricing).
Docker Hub limits the number of Docker image downloads, or pulls based on the account type of the user pulling the image. Pull rate limits are based on individual IP address.
Some images are unlimited through our [Open Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/){: target="_blank" rel="noopener" class="_"} and [Publisher](https://www.docker.com/partners/programs){: target="_blank" rel="noopener" class="_"} programs.
For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address.
For [authenticated](#how-do-i-authenticate-pull-requests) users, it's 200 pulls per 6 hour period.
Users with a paid [Docker subscription](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} get up to 5000 pulls per day.
See [Docker Pricing](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} and [Resource Consumption Updates FAQ](https://www.docker.com/pricing/resource-consumption-updates){: target="_blank" rel="noopener" class="_"} for details.
If you require a higher number of pulls, you can also purchase an [Enhanced Service Account add-on](service-accounts.md#enhanced-service-account-add-on-pricing).
Some images are unlimited through our [Open Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/){: target="_blank" rel="noopener" class="_"} and [Publisher](https://www.docker.com/partners/programs){: target="_blank" rel="noopener" class="_"} programs. See [Docker Pricing](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} and [Resource Consumption Updates FAQ](https://www.docker.com/pricing/resource-consumption-updates){: target="_blank" rel="noopener" class="_"} for details.
## Definition of limits
@ -34,17 +37,17 @@ manifest requests.
## How do I know my pull requests are being limited
When you issue a pull request and you are over the limit for your account type, Docker Hub will return a `429` response code with the following body when the manifest is requested:
When you issue a pull request and you are over the limit, Docker Hub returns a `429` response code with the following body when the manifest is requested:
```
You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limits
```
You will see this error message in the Docker CLI or in the Docker Engine logs.
This error message appears in the Docker CLI or in the Docker Engine logs.
## How can I check my current rate
Valid manifest API requests to Hub will usually include the following rate limit headers in the response:
Valid API requests to Hub usually include the following rate limit headers in the response:
```
ratelimit-limit
@ -52,15 +55,19 @@ ratelimit-remaining
docker-ratelimit-source
```
These headers will be returned on both GET and HEAD requests. Note that using GET emulates a real pull and will count towards the limit; using HEAD won't, so we will use it in this example. To check your limits, you will need `curl`, `grep`, and `jq` installed.
These headers are returned on both GET and HEAD requests.
To get a token anonymously (if you are pulling anonymously):
>**Note**
>
>Using GET emulates a real pull and counts towards the limit. Using HEAD won't. To check your limits, you need `curl`, `grep`, and `jq` installed.
To get a token anonymously, if you are pulling anonymously:
```console
$ TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
```
To get a token with a user account (if you are authenticating your pulls) - don't forget to insert your username and password in the following command:
To get a token with a user account, if you are authenticated (insert your username and password in the following command):
```console
$ TOKEN=$(curl --user 'username:password' "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
@ -72,7 +79,7 @@ Then to get the headers showing your limits, run the following:
$ curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
```
Which should return headers including these:
Which should return the following headers:
```http
ratelimit-limit: 100;w=21600
@ -80,13 +87,11 @@ ratelimit-remaining: 76;w=21600
docker-ratelimit-source: 192.0.2.1
```
This means my limit is 100 pulls per 21600 seconds (6 hours), and I have 76 pulls remaining.
> Remember that these headers are best-effort and there will be small variations.
In the example above, the pull limit is 100 pulls per 21600 seconds (6 hours), and there are 76 pulls remaining.
### I don't see any RateLimit headers
This could be because the image or your IP is unlimited in partnership with a publisher, provider, or an open-source organization. It could also mean that the user you are pulling as is part of a paid Docker plan. Pulling that image wont count toward pull limits if you dont see these headers. However, users with a paid Docker subscription pulling more than 5000 times daily require a [Service Account](../docker-hub/service-accounts.md) subscription.
If you don't see any RateLimit header, it could be because the image or your IP is unlimited in partnership with a publisher, provider, or an open-source organization. It could also mean that the user you are pulling as is part of a paid Docker plan. Pulling that image wont count toward pull limits if you dont see these headers. However, users with a paid Docker subscription pulling more than 5000 times daily require a [Service Account](../docker-hub/service-accounts.md) subscription.
## I'm being limited to a lower rate even though I have a paid Docker subscription
@ -96,13 +101,13 @@ A Pro, Team, or a Business tier doesn't increase limits on your images for other
## How do I authenticate pull requests
The following section contains information on how to log into on Docker Hub to authenticate pull requests.
The following section contains information on how to sign in to Docker Hub to authenticate pull requests.
### Docker Desktop
If you are using Docker Desktop, you can log into Docker Hub from the Docker Desktop menu.
If you are using Docker Desktop, you can sign in to Docker Hub from the Docker Desktop menu.
Click **Sign in / Create Docker ID** from the Docker Desktop menu and follow the on-screen instructions to complete the sign-in process.
Select **Sign in / Create Docker ID** from the Docker Desktop menu and follow the on-screen instructions to complete the sign-in process.
### Docker Engine
@ -140,13 +145,13 @@ If you are using any third-party platforms, follow your providers instruction
Docker Hub also has an overall rate limit to protect the application
and infrastructure. This limit applies to all requests to Hub
properties including web pages, APIs, image pulls, etc. The limit is
properties including web pages, APIs, image pulls. The limit is
applied per-IP, and while the limit changes over time depending on load
and other factors, it's in the order of thousands of requests per
minute. The overall rate limit applies to all users equally
regardless of account level.
You can differentiate between these limits by looking at the error
code. The "overall limit" will return a simple `429 Too Many Requests`
code. The "overall limit" returns a simple `429 Too Many Requests`
response. The pull limit returns a longer error message that
includes a link to this page.

16
docker-hub/vulnerability-scanning.md
View File

@ -23,7 +23,7 @@ Scan results include:
- The source of the vulnerability, such as Operating System (OS) packages and
libraries
- The version in which it was introduced
- A recommended fixed version (if available) to remediate the vulnerabilities
- A recommended fixed version, if available, to remediate the vulnerabilities
discovered.
## Changes to vulnerability scanning in Docker Hub
@ -39,7 +39,7 @@ show a higher number of vulnerabilities. If you used vulnerability scanning
before February 27th, 2023, you may see that new vulnerability reports list a
higher number of vulnerabilities, due to a more thorough analysis.
There is no action required on your part. Scans will continue to run as usual
There is no action required on your part. Scans continue to run as usual
with no interruption or changes to pricing. Historical data continues to be
available.
@ -72,10 +72,9 @@ Business tier.
To enable Basic vulnerability scanning:
1. Log into your [Docker Hub](https://hub.docker.com){: target="_blank"
1. Sign in to your [Docker Hub](https://hub.docker.com){: target="_blank"
rel="noopener" class="_"} account.
2. Click **Repositories** from the main menu and select a repository from the
list.
2. Select **Repositories** and then choose a repository.
3. Go to the **Settings** tab.
4. Under **Image insight settings**, select **Basic Hub vulnerability
scanning**.
@ -117,7 +116,7 @@ To view the vulnerability report:
![Vulnerability scan report](images/vuln-scan-report.png){:width="700px"}
2. Click on the **Tags** tab > **Digest** > **Vulnerabilities** to view the
2. Select the **Tags** tab, then **Digest**, then **Vulnerabilities** to view the
detailed scan report.
The scan report displays vulnerabilities identified by the scan, sorting them
@ -165,10 +164,9 @@ improving image security. For more information, see
Repository owners and administrators can disable Basic vulnerability scanning on
a repository. To disable scanning:
1. Log into your [Docker Hub](https://hub.docker.com){: target="_blank"
1. Sign in to your [Docker Hub](https://hub.docker.com){: target="_blank"
rel="noopener" class="_"} account.
2. Go to **Repositories** from the main menu and select a repository from the
list.
2. Go to **Repositories** and then select a repository from the list.
3. Go to the **Settings** tab.
4. Under **Image insight settings**, select **None**.
5. Select **Save**.