Skip to content

docs: remove stale TODO comments from Scout remediation page #24927

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
usha-mandya merged 1 commit into from
Apr 30, 2026
+0 −26
Merged

docs: remove stale TODO comments from Scout remediation page #24927

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 0 additions & 26 deletions content/manuals/scout/policy/remediation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ following policy types:
- [Up-to-Date Base Images](#up-to-date-base-images-remediation)
- [Supply Chain Attestations](#supply-chain-attestations-remediation)

<!-- TODO(dvdksn): verify the following -->
> [!NOTE]
> Guided remediation is not supported for custom policies.

Expand Down Expand Up @@ -78,20 +77,6 @@ For Docker Scout to be able to evaluate this policy, you must add [provenance
attestations](/manuals/build/metadata/attestations/slsa-provenance.md) to your image. If
your image doesn't have provenance attestations, compliance is undeterminable.

<!--
TODO(dvdksn): no support for the following, yet

When provenance attestations are unavailable, Docker Scout provides generic,
best-effort recommendations in the remediation side panel. These
recommendations estimate your base using information from image analysis
results. The base image version is unknown, but you can manually select the
version you use in the remediation side panel. This lets Docker Scout evaluate
whether the base image detected in the image analysis is up-to-date with the
version you selected.

https://github.com/docker/docs/pull/18961#discussion_r1447186845
-->

### Provenance attestations available

With provenance attestations added, Docker Scout can correctly detect the base
Expand Down Expand Up @@ -125,17 +110,6 @@ changes from making their way into your supply chain.
For more information about base image pinning, see [Pin base image
versions](/manuals/build/building/best-practices.md#pin-base-image-versions).

<!--
TODO(dvdksn): no support for the following, yet

Enabling the GitHub integration also allows Docker Scout to visualize the
remediation workflow in the Docker Scout Dashboard. Each step, from the pull
request being raised to the image being deployed to an environment, is
displayed in the remediation sidebar when inspecting the image.

https://github.com/docker/docs/pull/18961#discussion_r1447189475
-->

## Supply Chain Attestations remediation

The default **Supply Chain Attestations** policy requires full provenance and
Expand Down