[docs-scanner] CIS Benchmark version reference may become stale #24400

@docker-agent

File: content/manuals/dhi/core-concepts/cis.md

Issue

The documentation references a specific version of the CIS Docker Benchmark that will become outdated:

"Docker Hardened Images (DHIs) are designed with security in mind and are verified to be compliant with the relevant controls from the latest CIS Docker Benchmark (v1.8.0) for the scope that applies to container images and Dockerfile configuration."

The phrase "the latest CIS Docker Benchmark (v1.8.0)" creates a contradiction - if v1.8.0 is hardcoded, it won't remain "the latest" as new versions are released. This will silently go stale.

Suggested fix

Either:

  1. Remove "latest" and just state the version tested against:
    "...verified to be compliant with the relevant controls from the CIS Docker Benchmark v1.8.0..."

  2. Or remove the version number if DHIs are continuously updated:
    "...verified to be compliant with the relevant controls from the CIS Docker Benchmark for the scope that applies to container images and Dockerfile configuration."

The second option is preferable if DHIs are updated to match new CIS versions, as it won't require documentation updates when the benchmark version changes.


Found by nightly documentation freshness scanner
