docs(trg): finetune TRG 4.02 description
SebastianBezold committed Nov 8, 2023
1 parent c9ba9cf commit a885a4c
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions docs/release/trg-4/trg-4-02.md
Expand Up @@ -15,11 +15,11 @@ Proposed release date: "mandatory after": 19th of May 2023

As part of our legal due diligence, we need to provide the best information possible about our distributed (published) Docker images.
Similar to our 3rd-party dependency scans and the `DEPENDENCIES` file, Docker images also have to be scanned and the results published.
Even though we do not provide any legal guarantees, we want to help you keep a high standard process, by defining guidelines, described in this TRG.
We want to help you to keep a high standard process, by defining guidelines, described in this TRG.

## Description

As Eclipse Tractus-X project, we cannot provide proper Docker image scans. This is why we use information that is already gathered for us.
As Eclipse Tractus-X project, we don't have automated processes for publishing container scan results (yet). This is why we use information that is already gathered for us.
DockerHub is running container scans for all [official images](https://docs.docker.com/trusted-content/official-images/)
and is publishing the scans result in the [docker-library/repo-info repository](https://github.com/docker-library/repo-info).

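Review bot: the rewritten sentence drops the explicit "we do not provide any legal guarantees" caveat from the old line; since the opening paragraph frames the whole TRG as legal due diligence, please confirm that dropping it is intentional, or keep a short clause such as "Even though we do not provide any legal guarantees, we want to help you keep a high-standard process". Also, "help you to keep" reads more naturally as "help you keep", and "we use information that is already gathered for us" would be clearer if it named the source up front, e.g. "we rely on the scan results DockerHub already publishes", which the following context lines then explain.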
Expand All @@ -42,8 +42,8 @@ and propose your preferred container images as base image.

:::info
As stated in the description above, base image usage is particularly aligned for container images, that we distribute by publishing them on DockerHub.
In case you are using Docker images for build or testing purposes (for example pandoc or cypress, etc.), you can use other publicly available image,
as long as the tools are open source license compliant.
In case you are using Docker images for build or testing purposes (for example pandoc or cypress, etc.) and you do not publish the images,
you can use other publicly available image, as long as the tools are open source license compliant.

For automated TRG checks, you can skip base image checks on Dockerfiles by declaring it in the `.tractusx` metadata files.
Details can be found in the [metadata file documentation](https://github.com/eclipse-tractusx/tractusx-quality-checks/blob/main/docs/metadata_file.md)
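Review bot: the new condition "and you do not publish the images" is ambiguous about what counts as publishing (pushing to DockerHub, to another registry, or attaching to a release); align it with the wording two lines up, e.g. "and you do not distribute the images by publishing them on DockerHub", so the exemption has the same scope as the rule. In the same line, "you can use other publicly available image" should be plural ("images"), and "open source license compliant" is conventionally hyphenated as "open-source-license compliant".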

0 comments on commit a885a4c