docker · dvdksn · Feb 16, 2026
@@ -43,39 +43,27 @@ to see if images you are already using are exposed to vulnerabilities.
 
 ## Creating attestations
 
-When you build an image with `docker buildx build`, you can add attestation
-records to the resulting image using the `--provenance` and `--sbom` options.
-You can opt in to add either the SBOM or provenance attestation type, or both.
-
-```console
-$ docker buildx build --sbom=true --provenance=true .
+BuildKit generates the attestations when building the image. Provenance
+attestations with the `mode=min` level are added to images by default. The
+attestation records are wrapped in the in-toto JSON format and attached to the
+image index in a manifest for the final image.
+
+You can customize attestation behavior using the `--provenance` and `--sbom`
+flags:
+
+```bash
+# Opt in to SBOM attestations:
+docker buildx build --sbom=true .
+# Opt in to max-level provenance attestations:
+docker buildx build --provenance=mode=max .
+# Opt out of provenance attestations:
+docker buildx build --provenance=false .
 ```
 
-> [!NOTE]
->
-> The default image store doesn't support attestations. If you're using the
-> default image store and you build an image using the default `docker` driver,
-> or using a different driver with the `--load` flag, the attestations are
-> lost.
->
-> To make sure the attestations are preserved, you can:
->
-> - Use a `docker-container` driver with the `--push` flag to push the image to
->   a registry directly.
-> - Enable the [containerd image store](/manuals/desktop/features/containerd.md).
-
-> [!NOTE]
->
-> Provenance attestations are enabled by default, with the `mode=min` option.
-> You can disable provenance attestations using the `--provenance=false` flag,
-> or by setting the [`BUILDX_NO_DEFAULT_ATTESTATIONS`](/manuals/build/building/variables.md#buildx_no_default_attestations) environment variable.
->
-> Using the `--provenance=true` flag attaches provenance attestations with `mode=min`
-> by default. See [Provenance attestation](./slsa-provenance.md) for more details.
-
-BuildKit generates the attestations when building the image. The attestation
-records are wrapped in the in-toto JSON format and attached to the image
-index in a manifest for the final image.
+You can also disable default provenance attestations by setting the
+[`BUILDX_NO_DEFAULT_ATTESTATIONS`](/manuals/build/building/variables.md#buildx_no_default_attestations)
+environment variable. See [Provenance attestation](./slsa-provenance.md) for
+more details about provenance modes and options.
 
 ## Storage
 

@@ -49,25 +49,23 @@ it's a prerequisite for unlocking a range of new use cases, including:
 
 ## Enable the containerd image store
 
-The containerd image store is enabled by default in Docker Desktop version 4.34
-and later, but only for clean installs or if you perform a factory reset. If
-you upgrade from an earlier version of Docker Desktop, or if you use an older
-version of Docker Desktop you must manually switch to the containerd image
-store.
+The containerd image store is enabled by default in Docker Desktop version 4.52
+and later.
 
-To manually enable this feature in Docker Desktop:
+To manually select which image store Docker Desktop uses:
 
 1. Navigate to **Settings** in Docker Desktop.
-2. In the **General** tab, check **Use containerd for pulling and storing images**.
+2. In the **General** tab, check or clear the **Use containerd for pulling and storing images** option.
 3. Select **Apply**.
 
-To disable the containerd image store,
-clear the **Use containerd for pulling and storing images** checkbox.
-
 ## Build multi-platform images
 
-The term multi-platform image refers to a bundle of images for multiple different architectures.
-Out of the box, the default builder for Docker Desktop doesn't support building multi-platform images.
+Enabling the containerd image store lets you build multi-platform images
+and load them to your local image store:
+
+<script async id="asciicast-ZSUI4Mi2foChLjbevl2dxt5GD" src="https://asciinema.org/a/ZSUI4Mi2foChLjbevl2dxt5GD.js"></script>
+
+Building multi-platform images with the classic image store is not supported:
 
 ```console
 $ docker build --platform=linux/amd64,linux/arm64 .
@@ -76,10 +74,3 @@ ERROR: Multi-platform build is not supported for the docker driver.
 Switch to a different driver, or turn on the containerd image store, and try again.
 Learn more at https://docs.docker.com/go/build-multi-platform/
 ```
-
-Enabling the containerd image store lets you build multi-platform images
-and load them to your local image store:
-
-<script async id="asciicast-ZSUI4Mi2foChLjbevl2dxt5GD" src="https://asciinema.org/a/ZSUI4Mi2foChLjbevl2dxt5GD.js"></script>
-
-