diff --git a/docker-store/trustchain.md b/docker-store/trustchain.md index 8f3e990d55..a57d32fb01 100644 --- a/docker-store/trustchain.md +++ b/docker-store/trustchain.md @@ -44,11 +44,11 @@ image certification and publishing process as outlined below: 2. Docker verifies the signatures to guarantee authenticity, integrity, and freshness of the image. All of the individual layers of your image, and the combination thereof, are encompassed as part of this verification check. [Read more detail about Content Trust in Docker's documentation](/engine/security/trust/content_trust/#understand-trust-in-docker). -3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team +3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team. 4. The Docker Store certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks. -5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust: +5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers confirm that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust: ```shell DOCKER_CONTENT_TRUST=1 docker pull