docs: add missing 'fixed' status to VEX status reference table#25438
Closed
mohithshuka wants to merge 14 commits into
Closed
docs: add missing 'fixed' status to VEX status reference table#25438mohithshuka wants to merge 14 commits into
mohithshuka wants to merge 14 commits into
Conversation
added 14 commits
May 15, 2026 16:36
The previous description said 'optimize your repository storage' which was vague and did not reflect the page's actual content. The manage.md page is focused on viewing, filtering, and deleting images and image indexes. Updated the description to accurately reflect this. Fixes docker#25005
The daemon configuration overview only mentioned two methods (JSON file and flags) but was missing the environment variables method via systemd. Added a new section explaining how to use systemd drop-in overrides to set daemon environment variables. Fixes docker#25062
Replace shorthand alias 'docker scout env' with the full canonical command name 'docker scout environment' in the environment integration overview page, matching the CLI reference and cli.md usage. Closes docker#25085
The _index.md page mixed 'docker scout env' and 'docker scout environment' interchangeably. The CLI reference uses 'environment' as the canonical name, so prose references are updated to match. Fixes docker#25085
…ct example Fixes docker#25192 useState was used on line 286 but was missing from the import statement, causing an error if users follow the tutorial literally.
The React code example was using useState, useEffect, and createDockerDesktopClient without importing them, which would cause errors for anyone copy-pasting the snippet. Fixes docker#25192
…rial The createDockerDesktopClient() was declared twice - once at module level (correct) and again inside the App() function (redundant/incorrect). Removed the duplicate declaration inside the function. Fixes docker#25192
The Docker driver page did not mention that multi-platform builds are unsupported, which caused confusion when users encountered runtime errors. Added a Limitations section that clearly states this and links to alternatives. Fixes docker#25044
- Moved Limitations section before Further reading - Corrected multi-platform statement: it depends on the storage driver, not a blanket limitation. Containerd snapshotters (default in Docker Engine v29.x+) support multi-platform builds, while legacy graph-drivers do not. Based on review feedback from thaJeztah.
Fixes docker#25337 - Fix broken sentence in .env file additional information section ('that as' -> 'that are also set as') - Add note clarifying that interpolation precedence is distinct from container environment variable precedence, linking to the dedicated precedence page to reduce confusion
Both cursor.md and droid.md tell users to run `sbx secret set -g cursor` and `sbx secret set -g droid`, but the built-in services table they link to didn't list either service. Fixes docker#25272
Closes docker#25433 The VEX status table only listed 3 of the 4 OpenVEX status values. Added the 'fixed' status with a note that DHI does not use it, linking to the existing explanation section below.
mohithshuka
requested review from
aevesdocker,
craig-osterhout and
dvdksn
as code owners
❌ Deploy Preview for docsdocker failed. Why did it fail? →
|
github-actions
Bot
added
area/engine
Contributor
There was a problem hiding this comment.
Pull request overview
This PR primarily aims to complete the Docker Hardened Images (DHI) VEX documentation by adding the missing fixed OpenVEX status to the VEX status reference table. In addition, it includes a set of broader documentation edits across Scout, Extensions SDK, Engine daemon configuration, Compose, Build, and AI sandbox docs.
Changes:
- Add the missing
fixedstatus row to the OpenVEX status reference table in DHI VEX docs. - Update/adjust various CLI/code examples and minor prose issues (Docker Scout environments, Extensions SDK snippets, Compose env var text).
- Add/expand documentation sections (daemon config via env vars, Buildx Docker driver limitations, QEMU manual install rationale, AI sandbox built-in services table).
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| content/manuals/scout/integrations/environment/_index.md | Updates Scout environment command examples (but currently introduces inconsistencies/duplication that need fixes). |
| content/manuals/extensions/extensions-sdk/guides/invoke-host-binaries.md | Adjusts React snippet to use a module-level Docker Desktop client (but currently adds invalid leading blank lines before front matter). |
| content/manuals/extensions/extensions-sdk/build/backend-extension-tutorial.md | Updates React snippet imports and client initialization pattern. |
| content/manuals/engine/daemon/_index.md | Adds environment-variable configuration section (but currently contains broken/mismatched code fences and a “both of these options” inconsistency). |
| content/manuals/dhi/core-concepts/vex.md | Adds the missing fixed status row to the VEX status reference table. |
| content/manuals/compose/how-tos/environment-variables/variable-interpolation.md | Fixes a grammar issue (but leaves a double-space typo). |
| content/manuals/build/building/multi-platform.md | Rewords QEMU manual install guidance to clarify when it’s needed. |
| content/manuals/build/builders/drivers/docker.md | Adds a “Limitations” section (but currently includes a broken internal link). |
| content/manuals/ai/sandboxes/security/credentials.md | Adds cursor and droid entries to the built-in services credentials table. |
Comments suppressed due to low confidence (1)
content/manuals/engine/daemon/_index.md:49
- After introducing a third configuration method, this sentence still says "both of these options" (implying two). It should specifically describe which methods can be combined (JSON file + flags).
You can use both of these options together as long as you don't specify the same
option both as a flag and in the JSON file. If that happens, the Docker daemon
won't start and prints an error message.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+101
to
+102
| Alternatively, you can Use the `docker scout environment` command to view the images from the terminal. | ||
| use the `docker scout environment` command to view the images from the terminal. |
Comment on lines
+1
to
7
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
| --- |
| > [!IMPORTANT] | ||
| > | ||
| > Be aware of [Environment variables precedence](envvars-precedence.md) when using variables in an `.env` file that as environment variables in your container's environment. | ||
| > Be aware of [Environment variables precedence](envvars-precedence.md) when using variables in an `.env` file that are also set as environment variables in your container's environment. |
Comment on lines
+44
to
+53
| The Docker driver has the following limitations: | ||
|
|
||
|
|
||
| - You can't configure custom BuildKit versions or parameters. These are | ||
| managed internally by the Docker Engine. | ||
| - Multi-platform builds require the containerd image store. If your Docker | ||
| Engine uses legacy graph-drivers, multi-platform builds are not supported. | ||
| Docker Engine v29.x and later uses containerd snapshotters by default, | ||
| which does support multi-platform builds. See | ||
| [containerd image store](../../../storage/containerd.md) for more details. No newline at end of file |
| | `under_investigation` | Docker is aware of the CVE and is actively evaluating whether it affects the image | | ||
| | `affected` | Docker has confirmed the CVE is exploitable in the image and a fix is not yet available | | ||
|
|
||
| | `fixed` | A fix for the CVE is available in this version. DHI does not use this status; see [Why DHI does not use `fixed`](#why-dhi-does-not-use-fixed) | |
Comment on lines
51
to
+55
| To see all of the available environments for an organization, you can use the | ||
| `docker scout env` command. | ||
|
|
||
| ```console | ||
| $ docker scout env | ||
| $ docker scout environment |
Comment on lines
+104
to
+120
| ````````console | ||
| $ sudo systemctl edit docker | ||
| ``````` | ||
|
|
||
| Add the following: | ||
|
|
||
| ``````ini | ||
| [Service] | ||
| Environment="DOCKER_OPTS=--debug --tls=true" | ||
| ````` | ||
|
|
||
| Then reload and restart the daemon: | ||
|
|
||
| ````console | ||
| $ sudo systemctl daemon-reload | ||
| $ sudo systemctl restart docker | ||
| ``` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #25433
What changed
Added the missing
fixedstatus row to the VEX status reference tablein
content/manuals/dhi/core-concepts/vex.md.Why
The table stated "DHI uses three of the four OpenVEX status values" but
only listed 3 statuses, never showing what the 4th (
fixed) even was.Readers had no way to know from the table alone. The
fixedrow nowappears in the table with a link to the existing explanation of why DHI
does not use it.
Type of change