Merge pull request #19145 from felipecruz91/patch-2

Update SSC attestations policy description
2024-01-19 10:56:39 +01:00 · 2024-01-19 10:56:39 +01:00 · fdc73c2002
parent e10a69a3ea da905e892c
commit fdc73c2002
1 changed files with 2 additions and 10 deletions
--- a/content/scout/policy/_index.md
+++ b/content/scout/policy/_index.md
@ -165,25 +165,17 @@ The **Supply chain attestations** policy requires that your artifacts have
 [provenance](../../build/attestations/slsa-provenance.md) attestations.

 This policy is unfulfilled if an artifact lacks either an SBOM attestation or a
-provenance attestation, or if the provenance attestation lacks information
-about the Git repository and base images being used. To ensure compliance,
+provenance attestation with max mode. To ensure compliance,
 update your build command to attach these attestations at build-time:

 ```console
 $ docker buildx build --provenance=true --sbom=true -t <IMAGE> --push .
 ```

-BuildKit automatically detects the Git repository and base images when this
-information is available in the build context. For more information about
+For more information about
 building with attestations, see
 [Attestations](../../build/attestations/_index.md).

-> **Note**
->
-> Docker Scout is currently unable to discern the difference between using
-> `scratch` as a base image and having no base image provenance. As a result,
-> images based on `scratch` always fail the Supply chain attestations policy.
-
 ### Quality gates passed

 The Quality gates passed policy builds on the [SonarQube