mirror of https://github.com/docker/docs.git
Update trustchain.md (#3862)
This commit is contained in:
parent
fcf2883446
commit
ee981e6e86
|
@ -44,11 +44,11 @@ image certification and publishing process as outlined below:
|
|||
|
||||
2. Docker verifies the signatures to guarantee authenticity, integrity, and freshness of the image. All of the individual layers of your image, and the combination thereof, are encompassed as part of this verification check. [Read more detail about Content Trust in Docker's documentation](/engine/security/trust/content_trust/#understand-trust-in-docker).
|
||||
|
||||
3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team
|
||||
3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team.
|
||||
|
||||
4. The Docker Store certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks.
|
||||
|
||||
5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust:
|
||||
5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers confirm that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust:
|
||||
|
||||
```shell
|
||||
DOCKER_CONTENT_TRUST=1 docker pull <image>
|
||||
|
|
Loading…
Reference in New Issue