dhi: update addtional resources and scanner integration (#24751)

craig-osterhout · web-flow · commit fd27751caeb6 · 2026-04-17T10:25:25.000+01:00
## Description - Added new blogs and terraform repo to additional resources - Added mend.io integration Notable topics in preview: - https://deploy-preview-24751--docsdocker.netlify.app/dhi/explore/scanner-integrations/ - https://deploy-preview-24751--docsdocker.netlify.app/dhi/how-to/scan/#mendio - https://deploy-preview-24751--docsdocker.netlify.app/dhi/resources/ ## Related issues or tickets ENGDOCS-3236 ## Reviews   - [ ] Editorial review - [ ] Product review --------- Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt
@@ -337,6 +337,7 @@ Zsh
 [Vv]irtualize
 [Ww]alkthrough
 [Tt]oolsets?
+[Rr]eachability
 [Rr]erank(ing|ed)?
 [Ee]vals?
 [Ll]abspaces?
diff --git a/content/manuals/dhi/explore/scanner-integrations.md b/content/manuals/dhi/explore/scanner-integrations.md
@@ -1,7 +1,7 @@
 ---
 title: Scanner integrations
 description: Learn which vulnerability scanners work with Docker Hardened Images and how to choose the right scanner for accurate vulnerability assessment.
-keywords: scanner integration, vulnerability scanning, docker scout, trivy, grype, container security scanners
+keywords: scanner integration, vulnerability scanning, docker scout, trivy, grype, mend.io, container security scanners
 weight: 40
 ---
 
@@ -23,6 +23,9 @@ Hardened Images to deliver more accurate vulnerability assessments:
   flag for local VEX file processing.
 - [Wiz](https://www.wiz.io/): Automatically applies VEX statements with
   zero configuration.
+- [Mend.io](https://www.mend.io/): Automatically retrieves and applies VEX
+  statements with zero configuration. Combines VEX data with reachability
+  analysis.
 
 For step-by-step instructions, see [Scan Docker Hardened Images](/manuals/dhi/how-to/scan.md).
 
@@ -63,8 +66,8 @@ from Docker Hardened Images offer the following benefits:
   aren't flagged; security teams and compliance officers can review the reasoning
   rather than trusting a vendor's black box.
 - Scanner flexibility: Switch between any VEX-enabled scanner (Docker Scout,
-  Trivy, Grype, etc.) without losing vulnerability context or rebuilding
-  exclusion lists.
+  Trivy, Grype, Wiz, Mend.io, etc.) without losing vulnerability context or
+  rebuilding exclusion lists.
 - Consistent results: VEX-enabled scanners interpret the same data the
   same way, eliminating discrepancies between tools.
 - Faster workflows: Focus on real risks rather than researching why reported
@@ -96,7 +99,7 @@ The image includes signed attestations that explain which vulnerabilities don't
 apply and why. Any VEX-enabled scanner can read these attestations, giving you:
 
 - Tool flexibility: Use any scanner that supports OpenVEX (Docker Scout,
-  Trivy, Grype, Wiz, etc.)
+  Trivy, Grype, Wiz, Mend.io, etc.)
 - Complete transparency: Review the exact reasoning for each vulnerability
   assessment
 - Full auditability: Security teams and compliance officers can independently
diff --git a/content/manuals/dhi/how-to/scan.md b/content/manuals/dhi/how-to/scan.md
@@ -1,8 +1,8 @@
 ---
 title: Scan Docker Hardened Images
 linktitle: Scan an image
-description: Learn how to scan Docker Hardened Images for known vulnerabilities using Docker Scout, Grype, Trivy, or Wiz.
-keywords: scan container image, docker scout cves, grype scanner, trivy container scanner, vex attestation
+description: Learn how to scan Docker Hardened Images for known vulnerabilities using Docker Scout, Grype, Trivy, Wiz, or Mend.io.
+keywords: scan container image, docker scout cves, grype scanner, trivy container scanner, mend.io, vex attestation
 weight: 46
 ---
 
@@ -21,6 +21,8 @@ read and apply the VEX statements included with Docker Hardened Images:
 - [Grype](#grype): Supports VEX via the `--vex` flag
 - [Wiz](#wiz): Automatically applies VEX statements with
   zero configuration
+- [Mend.io](#mendio): Automatically applies VEX statements with
+  zero configuration
 
 For guidance on choosing the right scanner and understanding the differences
 between VEX-enabled and non-VEX scanners, see [Scanner
@@ -374,6 +376,31 @@ $ docker pull dhi.io/<image>:<tag>
 $ wizcli scan container-image dhi.io/<image>:<tag>
 ```
 
+## Mend.io
+
+[Mend.io](https://www.mend.io/) is an application security platform that
+includes container image scanning with support for DHI VEX attestations.
+Mend Container automatically retrieves and applies VEX statements from Docker
+Hardened Images and combines them with Mend's reachability analysis for
+comprehensive vulnerability assessment.
+
+### Scan a DHI using Mend.io
+
+After acquiring a Mend.io subscription and configuring
+[Mend Container](https://docs.mend.io/container/latest/), Mend automatically
+detects Docker Hardened Images and applies their VEX data without requiring any
+additional configuration. When you scan a Docker Hardened Image through the Mend
+AppSec Platform, VEX statements are automatically retrieved and attached as risk
+factors to each finding.
+
+You can view and filter DHI-specific findings in the Mend AppSec Platform under
+**Security > Containers > Packages**, where a Docker badge identifies hardened
+image packages. Use the **Risk Factors** column to filter by VEX statuses such
+as Not Affected, Fixed, or Under Investigation.
+
+For more information, see the [Mend.io Docker Hardened Images
+documentation](https://docs.mend.io/platform/latest/docker-hardened-images).
+
 ## Export VEX attestations
 
 For scanners that need local VEX files (like Grype or Trivy with local files),
diff --git a/content/manuals/dhi/resources.md b/content/manuals/dhi/resources.md
@@ -19,6 +19,8 @@ features, and announcements:
 
 | Date published | Title |
 |------|-------|
+| April 14, 2026 | [Why We Chose the Harder Path: Docker Hardened Images, One Year Later](https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/) |
+| April 8, 2026 | [Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io](https://www.docker.com/blog/reclaim-developer-hours-through-smarter-vulnerability-prioritization-with-docker-and-mend-io/) |
 | March 3, 2026 | [Announcing Docker Hardened System Packages](https://www.docker.com/blog/announcing-docker-hardened-system-packages/) |
 | January 25, 2026 | [Making the Most of Your Docker Hardened Images Enterprise Trial - Part 3](https://www.docker.com/blog/making-the-most-of-your-docker-hardened-images-enterprise-trial-part-3/) |
 | January 24, 2026 | [Making the Most of Your Docker Hardened Images Enterprise Trial - Part 2](https://www.docker.com/blog/making-the-most-of-your-docker-hardened-images-enterprise-trial-part-2/) |
@@ -62,6 +64,9 @@ organization:
   digest) for Docker Hardened Images
 - [dhictl](https://github.com/docker-hardened-images/dhictl): Command-line
   interface for managing and interacting with Docker Hardened Images
+- [Terraform Provider](https://github.com/docker-hardened-images/terraform-provider-dhi):
+  Terraform provider for managing DHI resources
+  ([Terraform Registry](https://registry.terraform.io/providers/docker-hardened-images/dhi/latest/docs))
 - [Discussions](https://github.com/orgs/docker-hardened-images/discussions):
   Community forum and product discussions
 
