dhi: add auto build info for customization (#23651)

craig-osterhout · web-flow · commit 2f6af4a6c2cc · 2025-11-05T09:19:56.000-08:00
## Description Added when customized images are rebuilt based on https://www.docker.com/blog/the-next-evolution-of-docker-hardened-images Updated topics: - https://deploy-preview-23651--docsdocker.netlify.app/dhi/how-to/customize/ - https://deploy-preview-23651--docsdocker.netlify.app/dhi/features/patching/#automatic-patching-for-customized-images ## Related issues or tickets [ENGDOCS-3098](https://docker.atlassian.net/browse/ENGDOCS-3098) https://docker.slack.com/archives/C04M34MRQS1/p1762150009971479?thread_ts=1762149292.279889&cid=C04M34MRQS1 ## Reviews   - [ ] Editorial review - [ ] Product review [ENGDOCS-3098]: https://docker.atlassian.net/browse/ENGDOCS-3098?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
diff --git a/content/manuals/dhi/features/patching.md b/content/manuals/dhi/features/patching.md
@@ -39,4 +39,15 @@ Docker Hardened Images are automatically rebuilt and tested.
 Updated images are published with cryptographic provenance attestations to
 support verification and compliance workflows. This automated process reduces
 the operational burden of manual patching and helps teams stay aligned with
-secure software development practices.
+secure software development practices.
+
+## Automatic patching for customized images
+
+When you [customize a Docker Hardened Image](../how-to/customize.md), your
+customized images also benefit from automatic patching. When the base Docker
+Hardened Image receives a security update, Docker automatically rebuilds your
+customized images in the background, ensuring they stay current with the latest
+security patches without requiring manual intervention.
+
+This means your customizations maintain continuous compliance and protection by
+default, with no additional operational overhead.
diff --git a/content/manuals/dhi/how-to/customize.md b/content/manuals/dhi/how-to/customize.md
@@ -8,16 +8,24 @@ description: Learn how to customize a Docker Hardened Images (DHI).
 
 You can customize a Docker Hardened Image (DHI) to suit your specific needs
 using the Docker Hub UI. This allows you to select a base image, add packages,
-add artifacts, and configure settings. In addition, the build pipeline ensures that
-your customized image is built securely and includes attestations.
+add OCI artifacts (such as custom certificates or additional tools), and
+configure settings. In addition, the build pipeline ensures that your customized
+image is built securely and includes attestations.
+
+Your customized images stay secure automatically. When the base Docker Hardened
+Image receives a security patch or your OCI artifacts are updated, Docker
+automatically rebuilds your customized images in the background. This ensures
+continuous compliance and protection by default, with no manual work required.
+The rebuilt images are signed and attested to the same SLSA Build Level 3
+standard as the base images, ensuring a secure and verifiable supply chain.
+
+## Customize a Docker Hardened Image
 
 To add a customized Docker Hardened Image to your organization, an organization
 owner must first [mirror](./mirror.md) the DHI repository to your organization.
 Once the repository is mirrored, any user with access to the mirrored DHI
 repository can create a customized image.
 
-## Customize a Docker Hardened Image
-
 To customize a Docker Hardened Image, follow these steps:
 
 1. Sign in to [Docker Hub](https://hub.docker.com).
