Merge pull request #21028 from dvdksn/scout-policy-no-custom-ootb

scout: ootb policy → policy types

content/manuals/build/building/best-practices.md

@@ -229,13 +229,12 @@ to look up and include the image digest for base image versions manually each
 time you want to update it. And you're opting out of automated security fixes,
 which is likely something you want to get.
 
-Docker Scout has a built-in [**No outdated base images**
+Docker Scout's default [**Up-to-Date Base Images**
-policy](../../scout/policy/_index.md#no-outdated-base-images) that checks for
+policy](../../scout/policy/_index.md#up-to-date-base-images) checks whether the
-whether the base image version you're using is in fact the latest version. This
+base image version you're using is in fact the latest version. This policy also
-policy also checks if pinned digests in your Dockerfile correspond to the
+checks if pinned digests in your Dockerfile correspond to the correct version.
-correct version. If a publisher updates an image that you've pinned, the policy
+If a publisher updates an image that you've pinned, the policy evaluation
-evaluation returns a non-compliant status, indicating that you should update
+returns a non-compliant status, indicating that you should update your image.
-your image.
 
 Docker Scout also supports an automated remediation workflow for keeping your
 base images up-to-date. When a new image digest is available, Docker Scout can
@@ -245,8 +244,7 @@ changes the version automatically, because you're in control and you have an
 audit trail of when and how the change occurred.
 
 For more information about automatically updating your base images with Docker
-Scout, see
+Scout, see [Remediation](/manuals/scout/policy/remediation.md).
-[Remediation](../../scout/policy/remediation.md#automatic-base-image-updates).
 
 ## Build and test your images in CI
 

content/manuals/scout/integrations/code-quality/sonarqube.md

@@ -6,8 +6,8 @@ keywords: scout, supply chain, integration, code quality
 ---
 
 The SonarQube integration enables Docker Scout to surface SonarQube quality
-gate checks through Policy Evaluation, under a new [SonarQube quality gates passed
+gate checks through Policy Evaluation, under a new [SonarQube Quality Gates
-policy](/scout/policy/#sonarqube-quality-gates-passed).
+Policy](/manuals/scout/policy/_index.md#sonarqube-quality-gates-policy).
 
 ## How it works
 
@@ -68,8 +68,8 @@ To integrate Docker Scout with SonarQube, ensure that:
    statuses.
 
 From the integration overview page, you can go directly to the
-**SonarQube quality gates passed** policy.
+**SonarQube Quality Gates Policy**.
 This policy will have no results initially. To start seeing evaluation results
 for this policy, trigger a new SonarQube analysis of your project and push the
 corresponding image to a repository. For more information, refer to the
-[policy description](../../policy/_index.md#sonarqube-quality-gates-passed).
+[policy description](../../policy/_index.md#sonarqube-quality-gates).

content/manuals/scout/integrations/source-code-management/github.md

@@ -34,7 +34,7 @@ containing security fixes. The `alpine:3.18` tag you've been using becomes
 out-of-date; the `alpine:3.18` you're using is no longer the latest.
 
 When this happens, Docker Scout detects the discrepancy and surfaces it through
-the [No outdated base images](/scout/policy/#no-outdated-base-images) policy.
+the [Up-to-Date Base Images policy](/manuals/scout/policy/_index.md#up-to-date-base-images-policy).
 When the GitHub integration's enabled, you'll also get automated suggestions on
 how to update your base image. For more information about how Docker Scout can
 help you automatically improve your supply chain conduct and security posture,

content/manuals/scout/policy/_index.md

@@ -51,39 +51,47 @@ vulnerabilities. You can use policies to measure and track other aspects of
 supply chain management as well, such as open-source license usage and base
 image up-to-dateness.
 
-## Out-of-the-box policies
+## Policy types
 
-Docker Scout ships the following out-of-the-box policies:
+In Docker Scout, a *policy* is derived from a *policy type*. Policy types are
+templates that define the core parameters of a policy. You can compare policy
+types to classes in object-oriented programming, with each policy acting as an
+instance created from its corresponding policy type.
 
-- [No fixable critical or high vulnerabilities](#no-fixable-critical-or-high-vulnerabilities)
+Docker Scout supports the following policy types:
-- [No AGPL v3 licenses](#no-agpl-v3-licenses)
-- [No outdated base images](#no-outdated-base-images)
-- [No high-profile vulnerabilities](#no-high-profile-vulnerabilities)
-- [Supply chain attestations](#supply-chain-attestations)
-- [Default non-root user](#default-non-root-user)
-- [No unapproved base images](#no-unapproved-base-images)
 
-To give you a head start, Scout enables several policies by default for your
+- [Severity-Based Vulnerability](#severity-based-vulnerability)
-Scout-enabled repositories. You can customize the default configurations to
+- [Compliant Licenses](#compliant-licenses)
-reflect internal requirements and standards. You can also disable a policy
+- [Up-to-Date Base Images](#up-to-date-base-images)
-altogether if it isn't relevant to you. For more information, see [Configure
+- [High-Profile Vulnerabilities](#high-profile-vulnerabilities)
-policies](./configure.md).
+- [Supply Chain Attestations](#supply-chain-attestations)
+- [Default Non-Root User](#default-non-root-user)
+- [Approved Base Images](#approved-base-images)
+- [SonarQube Quality Gates](#sonarqube-quality-gates)
 
-There's also a set of [additional policies](#additional-policies) that can be
+Docker Scout automatically provides default policies for repositories where it
-optionally enabled for repositories.
+is enabled, except for the SonarQube Quality Gates policy, which requires
+[integration with SonarQube](/manuals/scout/integrations/code-quality/sonarqube.md)
+before use.
 
-### No fixable critical or high vulnerabilities
+You can create custom policies from any of the supported policy types, or
+delete a default policy if it isn't applicable to your project. For more
+information, refer to [Configure policies](./configure.md).
 
-The **No fixable critical or high vulnerabilities** policy requires that your
+<!-- vale Docker.HeadingSentenceCase = NO -->
-artifacts aren't exposed to known vulnerabilities where there's a fix version
-available. Essentially, this means that there's an easy fix that you can deploy
-for images that fail this policy: upgrade the vulnerable package to a version
-containing a fix for the vulnerability.
 
-By default, this policy only flags critical and high severity vulnerabilities.
+### Severity-Based Vulnerability
 
-This policy is violated if an artifact is affected by one or more critical-
+The **Severity-Based Vulnerability** policy type checks whether your
-or high-severity vulnerability, where a fix version is available.
+artifacts are exposed to known vulnerabilities.
+
+By default, this policy only flags critical and high severity vulnerabilities
+where there's a fix version available. Essentially, this means that there's an
+easy fix that you can deploy for images that fail this policy: upgrade the
+vulnerable package to a version containing a fix for the vulnerability.
+
+Images are deemed non-compliant with this policy if they contain one or more
+vulnerabilities that fall outside the specified policy criteria.
 
 You can configure the parameters of this policy by creating a custom version of the policy.
 The following policy parameters are configurable in a custom version:
@@ -109,31 +117,32 @@ The following policy parameters are configurable in a custom version:
 
 For more information about configuring policies, see [Configure policies](./configure.md).
 
-### No AGPL v3 licenses
+### Compliant Licenses
 
-The **No AGPL v3 licenses** policy requires that your artifacts don't contain
+The **Compliant Licenses** policy type checks whether your images contain
-packages distributed under an AGPLv3 license. This policy is violated if
+packages distributed under an inappropriate license. Images are considered
-your artifacts contain one or more packages with this license.
+non-compliant if they contain one or more packages with such a license.
 
 You can configure the list of licenses that this policy should look out for,
 and add exceptions by specifying an allow-list (in the form of PURLs).
 See [Configure policies](./configure.md).
 
-### No outdated base images
+### Up-to-Date Base Images
 
-The **No outdated base images** policy requires that the base images you use are
+The **Up-to-Date Base Images** policy type checks whether the base images you
-up-to-date.
+use are up-to-date.
 
-It's violated when the tag you used to build your image points to a
+Images are considered non-compliant with this policy if the tag you used to
-different digest than what you're using. If there's a mismatch in digests, that
+build your image points to a different digest than what you're using. If
-means the base image you're using is out of date.
+there's a mismatch in digests, that means the base image you're using is out of
+date.
 
 Your images need provenance attestations for this policy to successfully
 evaluate. For more information, see [No base image data](#no-base-image-data).
 
-### No high-profile vulnerabilities
+### High-Profile Vulnerabilities
 
-The **No high-profile vulnerabilities** policy requires that your artifacts don't
+The **High-Profile Vulnerabilities** policy type checks whether your images
 contain vulnerabilities from Docker Scout’s curated list. This list is kept
 up-to-date with newly disclosed vulnerabilities that are widely recognized to
 be risky.
@@ -150,8 +159,8 @@ The list includes the following vulnerabilities:
 - [CVE-2024-47175 (OpenPrinting - `libppd`)](https://scout.docker.com/v/CVE-2024-47175)
 - [CVE-2024-47177 (OpenPrinting - `cups-filters`)](https://scout.docker.com/v/CVE-2024-47177)
 
-You can configure the CVEs included in this list by creating a custom policy.
+You can customize this policy to change which CVEs that are considered
-Custom configuration options include:
+high-profile by configuring the policy. Custom configuration options include:
 
 - **Excluded CVEs**: Specify the CVEs that you want this policy to ignore.
 
@@ -167,14 +176,14 @@ Custom configuration options include:
 
 For more information on policy configuration, see [Configure policies](./configure.md).
 
-### Supply chain attestations
+### Supply Chain Attestations
 
-The **Supply chain attestations** policy requires that your artifacts have
+The **Supply Chain Attestations** policy type checks whether your images have
 [SBOM](/manuals/build/metadata/attestations/sbom.md) and
 [provenance](/manuals/build/metadata/attestations/slsa-provenance.md) attestations.
 
-This policy is violated if an artifact lacks either an SBOM attestation or a
+Images are considered non-compliant if they lack either an SBOM attestation or
-provenance attestation with max mode. To ensure compliance,
+a provenance attestation with *max mode* provenance. To ensure compliance,
 update your build command to attach these attestations at build-time:
 
 ```console
@@ -188,7 +197,7 @@ If you're using GitHub Actions to build and push your images,
 learn how you can [configure the action](/manuals/build/ci/github-actions/attestations.md)
 to apply SBOM and provenance attestations.
 
-### Default non-root user
+### Default Non-Root User
 
 By default, containers run as the `root` superuser with full system
 administration privileges inside the container, unless the Dockerfile specifies
@@ -196,10 +205,10 @@ a different default user. Running containers as a privileged user weakens their
 runtime security, as it means any code that runs in the container can perform
 administrative actions.
 
-The **Default non-root user** policy detects images that are set to run as the
+The **Default Non-Root User** policy type detects images that are set to run as
-default `root` user. To comply with this policy, images must specify a non-root
+the default `root` user. To comply with this policy, images must specify a
-user in the image configuration. Images violate this policy if they don't
+non-root user in the image configuration. Images are non-compliant with this
-specify a non-root default user for the runtime stage.
+policy if they don't specify a non-root default user for the runtime stage.
 
 For non-compliant images, evaluation results show whether or not the `root`
 user was set explicitly for the image. This helps you distinguish between
@@ -265,9 +274,9 @@ ENTRYPOINT ["/app/production"]
 {{< /tab >}}
 {{< /tabs >}}
 
-### No unapproved base images
+### Approved Base Images
 
-The **No unapproved base images** policy ensures that the base images you use
+The **Approved Base Images** policy type ensures that the base images you use
 in your builds are maintained and secure.
 
 This policy checks whether the base images used in your builds match any of the
@@ -322,18 +331,9 @@ This policy is configurable with the following options:
 Your images need provenance attestations for this policy to successfully
 evaluate. For more information, see [No base image data](#no-base-image-data).
 
-## Additional policies
+### SonarQube Quality Gates
 
-In addition to the [out-of-the-box policies](#out-of-the-box-policies) enabled
+The **SonarQube Quality Gates** policy type builds on the [SonarQube
-by default, Docker Scout supports the following optional policies. Before you
-can enable these policies, you need to either configure the policies, or
-configure the integration that the policy requires.
-
-- [SonarQube quality gates passed](#sonarqube-quality-gates-passed)
-
-### SonarQube quality gates passed
-
-The **SonarQube quality gates passed** policy builds on the [SonarQube
 integration](../integrations/code-quality/sonarqube.md) to assess the quality
 of your source code. This policy works by ingesting the SonarQube code analysis
 results into Docker Scout.
@@ -366,8 +366,8 @@ in the CLI.
 ## No base image data
 
 There are cases when it's not possible to determine information about the base
-images used in your builds. In such cases, the **No outdated base images** and
+images used in your builds. In such cases, the **Up-to-Date Base Images** and
-**No unapproved base images** policies get flagged as having **No data**.
+**Approved Base Images** policies get flagged as having **No data**.
 
 This "no data" state occurs when:
 

content/manuals/scout/policy/configure.md

@@ -1,36 +1,46 @@
 ---
 title: Configure policies
-description: Learn how to configure or disable the default policies in Docker Scout
+description: Learn how to configure, disable, or delete policies in Docker Scout
-keywords: scout, policy, configure, disable, enable, parametrize, thresholds
+keywords: scout, policy, configure, delete, enable, parametrize, thresholds
 ---
 
-Some of the existing policies are configurable. This means that you can clone
+Some policy types are configurable. This means that you can create new,
-an existing policy and create new, custom policies with your own configuration.
+customized version of that policy type with your own configuration parameters.
-You can also disable a policy altogether, if a policy doesn't quite match your
+You can also disable a policy if you need to temporarily disregard it, or
-needs.
+delete a policy altogether if it doesn't match your needs.
 
-## Configure a policy
+> [!NOTE]
+> Historic evaluation results for the default policy configuration are removed
+> if you delete or customize a policy.
 
-To change the configuration of a policy, you must clone one of the existing
+## Add a policy
-default policies, and then save your configuration as a new policy. You can
-edit the display name and description of the new policy to help distinguish
-it from the default policy it's based on.
 
-The available configuration parameters for a policy depends on the default
+To add a new policy, select the policy type that you want to customize. All
-policy you used as a base for your custom policy.
+custom policies use a policy type as a base.
 
-To configure a policy:
+You can edit the display name and description of the new policy to help
+better communicate the compliant and non-compliant states of the policy.
+You can not change the name of the policy type, only its display names.
+
+The available configuration parameters for a policy depends on the
+policy type that you're editing. For more information, refer to
+[Policy types](/manuals/scout/policy/_index.md#policy-types).
+
+To add a policy:
 
 1. Go to the [Policies page](https://scout.docker.com/reports/policy) in the Docker Scout Dashboard.
-2. Select the policy you want to configure.
+2. Select the **Add policy** button to open the policy configuration screen.
-3. Select **View policy details** to open the policy side panel.
+3. On the policy configuration screen, locate the policy type that you want to
+   configure, and select **Configure** to open the policy configuration panel.
 
-   If this button is grayed out, then the selected policy doesn't have any
+   - If the **Configure** button is grayed out, it means the selected policy
-   configuration parameters.
+     has no configurable parameters.
+   - If the button reads **Integrate**, it indicates that setup is required
+     before the policy can be enabled. Selecting **Integrate** will direct you
+     to the integration's setup guide.
 
-4. In the side panel, select **Copy to customize** to open the policy configuration page.
+4. Update the policy parameters.
-5. Update the policy parameters.
+5. Save the changes:
-6. Save the changes:
 
    - Select **Save and enable** to commit the changes and enable the policy for
      your current organization.
@@ -50,3 +60,21 @@ To disable a policy:
 1. Go to the [Policies page](https://scout.docker.com/reports/policy) in the Docker Scout Dashboard.
 2. Select the policy you want to disable.
 3. Select the **Disable** button.
+
+## Delete a policy
+
+When you delete a policy, evaluation results for that policy are deleted as
+well, and no longer appear in the Docker Scout Dashboard or in the CLI.
+
+To delete a policy:
+
+1. Go to the [Policies page](https://scout.docker.com/reports/policy) in the Docker Scout Dashboard.
+2. Select the policy you want to delete.
+3. Select **View policy details**.
+4. Select the **Delete** button.
+
+## Recover a deleted policy
+
+If you've deleted a policy, you can recreate it by following the steps in [Add
+a policy](#add-a-policy). On the policy configuration screen, select
+**Configure** on the deleted policy that you wish to recreate.

content/manuals/scout/policy/remediation.md

@@ -14,10 +14,15 @@ suggested actions you can take that improve policy compliance, or that add
 metadata to images which enables Docker Scout to provide better evaluation
 results and recommendations.
 
-Docker Scout provides remediation advice for the following policies:
+Docker Scout provides remediation advice for the default policies of the
+following policy types:
 
-- [No outdated base images](#no-outdated-base-image-remediation)
+- [Up-to-Date Base Images](#up-to-date-base-images-remediation)
-- [Supply chain attestations](#supply-chain-attestations-remediation)
+- [Supply Chain Attestations](#supply-chain-attestations-remediation)
+
+<!-- TODO(dvdksn): verify the following -->
+> [!NOTE]
+> Guided remediation is not supported for custom policies.
 
 For images that violate policy, the recommendations focus on addressing
 compliance issues and fixing violations. For images where Docker Scout is
@@ -59,9 +64,9 @@ temporary solution.
 The side panel may also contain one or more help sections related to the
 available recommendations.
 
-## No outdated base image remediation
+## Up-to-Date Base Images remediation
 
-The **No outdated base images** policy checks whether the base image you use is
+The **Up-to-Date Base Images** policy checks whether the base image you use is
 up-to-date. The recommended actions displayed in the remediation side panel
 depend on how much information Docker Scout has about your image. The more
 information that's available, the better the recommendations.
@@ -133,10 +138,10 @@ versions](/manuals/build/building/best-practices.md#pin-base-image-versions).
   https://github.com/docker/docs/pull/18961#discussion_r1447189475
 -->
 
-## Supply chain attestations remediation
+## Supply Chain Attestations remediation
 
-The **Supply chain attestations** policy requires full provenance and SBOM
+The default **Supply Chain Attestations** policy requires full provenance and
-attestations on images. If your image is missing an attestation, or if an
+SBOM attestations on images. If your image is missing an attestation, or if an
 attestation doesn't contain enough information, the policy is violated.
 
 The recommendations available in the remediation side panel helps guide you to

content/manuals/scout/policy/scores.md

@@ -52,13 +52,8 @@ along with each policy that contributed to the score.
 ## Scoring system
 
 Health scores are determined by evaluating images against Docker Scout
-[policies](./_index.md). These policies align with best practices for
+[policies](./_index.md). These policies align with best practices for the
-the software supply chain and are recommended by Docker as foundational
+software supply chain.
-standards for images. Some examples of these policies include:
-
-- **Supply chain attestations**: Images should have supply chain attestations.
-- **No outdated base images**: Images should not use outdated base images.
-- **No AGPL v3 licenses**: Images should not contain AGPL v3-licensed packages.
 
 If your image repositories are already enrolled with Docker Scout, the health
 score is calculated automatically based on the policies that are enabled for
@@ -66,19 +61,21 @@ your organization. This also includes any custom policies that you have
 configured.
 
 If you're not using Docker Scout, the health scores show the compliance of your
-images with the default, [out-of-the-box policies](/manuals/scout/policy/_index.md#out-of-the-box-policies).
+images with the default policies, a set of supply chain rules recommended by
-You can enable Docker Scout for your organization to get a more relevant health
+Docker as foundational standards for images. You can enable Docker Scout for
-score based on your specific policies.
+your organization and edit the policy configurations to get a more relevant
+health score based on your specific policies.
 
 ### Scoring process
 
-Each policy is assigned a points value. If the image is compliant with a
+Each policy is assigned a points value based on its
-policy, it is awarded the points value for that policy. The health score of an
+[type](/manuals/scout/policy/_index.md#policy-types). If the image is compliant
-image is calculated based on the percentage of points achieved relative to the
+with a policy, it is awarded the points value for that policy type. The health
-total possible points.
+score of an image is calculated based on the percentage of points achieved
+relative to the total possible points.
 
 1. Policy compliance is evaluated for the image.
-2. Points are awarded based on adherence to these policies.
+2. Points are awarded based on compliance with policies.
 3. The points achieved percentage is calculated:
 
    ```text
@@ -114,18 +111,19 @@ If you see an `N/A` score, consider the following:
 
 ### Policy weights
 
-The policies that influence the score, and their respective weights, are as follows:
+Different policy types carry varying weights, which impact the score assigned
+to an image during evaluation, as shown in the following table.
 
-| Policy                                                                                                                     | Points |
+| Policy type                                                                                  | Points |
-| -------------------------------------------------------------------------------------------------------------------------- | ------ |
+| -------------------------------------------------------------------------------------------- | ------ |
-| [No fixable critical or high vulnerabilities](/manuals/scout/policy/_index.md#no-fixable-critical-or-high-vulnerabilities) | 20     |
+| [Severity-Based Vulnerability](/manuals/scout/policy/_index.md#severity-based-vulnerability) | 20     |
-| [No high-profile vulnerabilities](/manuals/scout/policy/_index.md#no-high-profile-vulnerabilities)                         | 20     |
+| [High-Profile Vulnerabilities](/manuals/scout/policy/_index.md#high-profile-vulnerabilities) | 20     |
-| [Supply chain attestations](/manuals/scout/policy/_index.md#supply-chain-attestations)                                     | 15     |
+| [Supply Chain Attestations](/manuals/scout/policy/_index.md#supply-chain-attestations)       | 15     |
-| [No unapproved base images](/manuals/scout/policy/_index.md#no-unapproved-base-images)                                     | 15     |
+| [Approved Base Images](/manuals/scout/policy/_index.md#approved-base-images)                 | 15     |
-| [No outdated base images](/manuals/scout/policy/_index.md#no-outdated-base-images)                                         | 10     |
+| [Up-to-Date Base Images](/manuals/scout/policy/_index.md#up-to-date-base-images)             | 10     |
-| [SonarQube quality gates passed](/manuals/scout/policy/_index.md#sonarqube-quality-gates-passed) \*                        | 10     |
+| [SonarQube Quality Gates](/manuals/scout/policy/_index.md#sonarqube-quality-gates) \*        | 10     |
-| [Default non-root user](/manuals/scout/policy/_index.md#default-non-root-user)                                             | 5      |
+| [Default Non-Root User](/manuals/scout/policy/_index.md#default-non-root-user)               | 5      |
-| [No AGPL v3 licenses](/manuals/scout/policy/_index.md#no-agpl-v3-licenses)                                                 | 5      |
+| [Compliant Licenses](/manuals/scout/policy/_index.md#compliant-licenses)                     | 5      |
 
 \* _This policy is not enabled by default and must be configured by the user._
 
@@ -143,12 +141,13 @@ view of the repository's security status.
 
 ### Example
 
-For an image with a total possible score of 90 points:
+For an image with a total possible score of 100 points:
 
-- If the image only deviates from one policy (for example, the Copyleft
+- If the image only deviates from one policy, worth 5 points, its score will be
-  Licenses policy), it might score 85 out of 90, resulting in a score of A.
+  95 out of 100. Since this score is above the 90th percentile, the image
-- If the image has fixable CVEs and other issues, it might score 65 out of 90,
+  receives an A health score.
-  resulting in a score of B.
+- If the image is non-compliant with more policies and scores 65 out of 100, it
+  receives a C health score, reflecting its lower compliance.
 
 ## Improving your health score
 

content/manuals/scout/quickstart.md

@@ -155,7 +155,7 @@ $ docker scout config organization <ORG_NAME>
 
 Now you can run the `quickview` command to get an overview
 of the compliance status for the image you just built.
-The image is evaluated against the default, out-of-the-box policies.
+The image is evaluated against the default policy configurations.
 
 ```console
 $ docker scout quickview
@@ -240,7 +240,7 @@ The sidebar shows a compliance overview for the last pushed tag of a repository.
 > It might take a few minutes before the results appear if this is your
 > first time using the Docker Scout Dashboard.
 
-Inspect the **No outdated base images** policy.
+Inspect the **Up-to-Date Base Images** policy.
 This policy checks whether base images you use are up-to-date.
 It currently has a non-compliant status,
 because the example image uses an old version `alpine` as a base image.

content/manuals/scout/release-notes/platform.md

@@ -8,6 +8,8 @@ aliases:
 tags: [Release notes]
 ---
 
+<!-- vale Docker.We = NO -->
+
 This page contains information about the new features, improvements, known
 issues, and bug fixes in Docker Scout releases. These release notes cover the
 Docker Scout platform, including the Dashboard. For CLI release notes, refer to
@@ -20,6 +22,16 @@ for what's coming next.
 
 New features and enhancements released in the third quarter of 2024.
 
+### 2024-09-30
+
+In this release, we've changed how custom policies work. Before, custom
+policies were created by copying an out-of-the-box policy. Now, you can
+customize policies either by editing the default policy from a **policy type**
+which acts as a template. The default policies in Docker Scout are also
+implemented based on these types.
+
+For more information, refer to [policy types](/manuals/scout/policy/_index.md#policy-types).
+
 ### 2024-09-09
 
 This release changes how [health scores](/manuals/scout/policy/scores.md) are
@@ -42,10 +54,10 @@ The default out-of-the-box policies are now:
 
 - **No high-profile vulnerabilities**
 - **No fixable critical or high vulnerabilities**
-- **No unapproved base images**
+- **Approved Base Images**
 - **Default non-root user**
 - **Supply chain attestations**
-- **No outdated base images**
+- **Up-to-Date Base Images**
 - **No AGPL v3 licenses**
 
 The configurations for these policies are now the same as the configurations
@@ -114,14 +126,11 @@ For more information and setup instructions, see
 
 ### 2024-01-23
 
-New **No unapproved base images** policy, which lets you restrict which base
+New **Approved Base Images** policy, which lets you restrict which base
 images you allow in your builds. You define the allowed base images using a
 pattern. Base images whose image reference don't match the specified patterns
 cause the policy to fail.
 
-For more information, see
-[No unapproved base images](/scout/policy/#no-unapproved-base-images).
-
 ### 2024-01-12
 
 New **Default non-root user** policy, which flags images that would run as the
@@ -129,8 +138,6 @@ New **Default non-root user** policy, which flags images that would run as the
 Specifying a non-root default user for your images can help strengthen your
 runtime security.
 
-For more information, see [Default non-root user](/scout/policy/#default-non-root-user).
-
 ### 2024-01-11
 
 [Beta](../../release-lifecycle.md#beta) launch of a new GitHub app for integrating
@@ -176,11 +183,6 @@ gates as a policy evaluation in Docker Scout. Enable the integration, push your
 images, and see the SonarQube quality gate conditions surfaced in the new
 **SonarQube quality gates passed** policy.
 
-For more information, see:
-
-- [Integration and setup instructions](../integrations/code-quality/sonarqube.md)
-- [SonarQube quality gates passed policy](/scout/policy/#sonarqube-quality-gates-passed)
-
 ### 2023-12-01
 
 [Beta](../../release-lifecycle.md#beta) release of a new **Azure Container
@@ -210,17 +212,11 @@ images are built with SBOM and provenance attestations. Adding attestations to
 images is a good first step in improving your supply chain conduct, and is
 often a prerequisite for doing more.
 
-See [Supply chain attestations policy](/scout/policy/#supply-chain-attestations)
-for details.
-
 ### 2023-11-01
 
 New **No high-profile vulnerabilities** policy, which ensures your artifacts are
 free from a curated list of vulnerabilities widely recognized to be risky.
 
-For more information, see
-[No high-profile vulnerabilities policy](/scout/policy/#no-high-profile-vulnerabilities).
-
 ### 2023-10-04
 
 This marks the General Availability (GA) release of Docker Scout.

data/redirects.yml

@@ -126,21 +126,21 @@
   - /go/scout-dashboard/
 "/scout/policy/":
   - /go/scout-policy/
-"/scout/policy/#no-fixable-critical-or-high-vulnerabilities":
+"/scout/policy/#severity-based-vulnerability":
   - /go/scout-policy-dsp001/
-"/scout/policy/#no-agpl-v3-licenses":
+"/scout/policy/#compliant-licenses":
   - /go/scout-policy-dsp002/
-"/scout/policy/#no-outdated-base-images":
+"/scout/policy/#up-to-date-base-images":
   - /go/scout-policy-dsp003/
-"/scout/policy/#no-high-profile-vulnerabilities":
+"/scout/policy/#high-profile-vulnerabilities":
   - /go/scout-policy-dsp004/
 "/scout/policy/#supply-chain-attestations":
   - /go/scout-policy-dsp005/
 "/scout/policy/#default-non-root-user":
   - /go/scout-policy-dsp006/
-"/scout/policy/#no-unapproved-base-images":
+"/scout/policy/#approved-base-images":
   - /go/scout-policy-dsp007/
-"/scout/policy/#sonarqube-quality-gates-passed":
+"/scout/policy/#sonarqube-quality-gates":
   - /go/scout-policy-dsp008/
 "/scout/policy/configure/":
   - /go/scout-configure-policy/
@@ -287,4 +287,4 @@
 "/admin/organization/insights/#docker-hub-images":
   - /go/insights-images/
 "/admin/organization/insights/#extensions":
-  - /go/insights-extensions/
+  - /go/insights-extensions/