From 26e3a1e226b031f9837cb43ef221c213c466b049 Mon Sep 17 00:00:00 2001 From: Craig Osterhout Date: Thu, 12 Feb 2026 11:43:09 -0800 Subject: [PATCH 1/2] dhi: add build transparency Signed-off-by: Craig Osterhout --- content/manuals/dhi/explore/build-process.md | 30 ++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/content/manuals/dhi/explore/build-process.md b/content/manuals/dhi/explore/build-process.md index a888a427ec3e..0dcce349d85f 100644 --- a/content/manuals/dhi/explore/build-process.md +++ b/content/manuals/dhi/explore/build-process.md 
@@ -18,6 +18,36 @@ both base and customized images is backed by SLA commitments, including a 7-day SLA for critical and high severity vulnerabilities. Only DHI Enterprise includes SLAs. DHI Free offers a secure baseline but no guaranteed remediation timelines. +## Build transparency + +Docker Hardened Images provide transparency into how images are built through +publicly available definitions and verifiable attestations. + +### Image definitions + +All image definitions are publicly available in the [catalog +repository](https://github.com/docker-hardened-images/catalog). + +Each image definition is a declarative YAML specification that includes metadata, +contents, build pipeline steps, security configurations, and runtime settings. + +### SLSA attestations + +Every Docker Hardened Image includes SLSA Build Level 3 attestations that provide +verifiable build provenance. These attestations show: + +- Exactly how the image was built +- The build system and environment used +- All inputs and dependencies +- When and where the build occurred + +You can verify and inspect these attestations to confirm the integrity and +provenance of any image. See [SLSA](../core-concepts/slsa.md) for details on +how to verify build attestations. + +This transparency allows security teams to review image configurations and +understand what goes into each image. + ## Build triggers Builds start automatically. You don't trigger them manually. The system monitors From fe4c66a784384f3adb6bb9d0339e84c09874d9c7 Mon Sep 17 00:00:00 2001 From: Craig Osterhout Date: Thu, 12 Feb 2026 12:04:53 -0800 Subject: [PATCH 2/2] agent feedback1 Signed-off-by: Craig Osterhout --- content/manuals/dhi/explore/build-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/dhi/explore/build-process.md b/content/manuals/dhi/explore/build-process.md index 0dcce349d85f..f211d3b50794 100644 --- a/content/manuals/dhi/explore/build-process.md 
+++ b/content/manuals/dhi/explore/build-process.md @@ -45,7 +45,7 @@ You can verify and inspect these attestations to confirm the integrity and provenance of any image. See [SLSA](../core-concepts/slsa.md) for details on how to verify build attestations. -This transparency allows security teams to review image configurations and +This transparency lets security teams review image configurations and understand what goes into each image. ## Build triggers
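Review bot: In patch 1/2, the closing paragraph ("This transparency allows security teams to review image configurations and understand what goes into each image.") ends up under "### SLSA attestations", but it describes reviewing image configurations, which is the subject of "### Image definitions". Consider moving it directly under the "## Build transparency" intro or into the "Image definitions" subsection, so the SLSA subsection ends on the verification pointer to `../core-concepts/slsa.md`. The section also never says how a reader ties a definition in the catalog repository to the attestation on a specific image. One sentence stating that relationship, or stating that the two are reviewed separately, would make the "verifiable" claim easier to act on.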
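Review bot: In patch 2/2, the single changed line ("This transparency lets security teams review image configurations and") only rewords text that patch 1/2 introduced, and the subject "agent feedback1" does not say what changed or why. Suggest squashing this into 1/2, or giving it a descriptive subject such as a note that it tightens wording in the build transparency section, so the history stays readable.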