From 0ab146875b905a0a3921b45046b8d575e6f23a73 Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Wed, 22 Feb 2023 20:38:10 +0000 Subject: [PATCH 1/3] docs: clarify prov defaults Signed-off-by: Sertac Ozercan --- build/attestations/index.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/build/attestations/index.md b/build/attestations/index.md index a6e5e1064c8e..b9c9d02add2c 100644 --- a/build/attestations/index.md +++ b/build/attestations/index.md @@ -49,6 +49,16 @@ You can opt in to add either the SBOM or provenance attestation type, or both. $ docker buildx build --sbom=true --provenance=true . ``` +> SBOM generation is not enabled by default. It must be opted in using `--sbom=true` option. +> +> However, provenance generation is enabled by default with `mode=min,inline-only=true` option. +> +> It can be disabled by setting `--provenance=false` or using `BUILDX_NO_DEFAULT_ATTESTATIONS` environment variable. +> +> If explicitly enabled using `--provenance=true`, provenance attestation is created with `mode=max` option by default. +> +> See [Provenance attestation](./slsa-provenance.md) section for more details. + BuildKit generates the attestations when building the image. The attestation records are wrapped in the in-toto JSON format and attached it to the image index in a manifest for the final image. @@ -58,7 +68,7 @@ index in a manifest for the final image. BuildKit produces attestations in the [in-toto format](https://github.com/in-toto/attestation){: target="blank" rel="noopener" class="\_" }, -as defined by the +as defined by the [in-toto framework](https://in-toto.io/){: target="blank" rel="noopener" class="\_" }, a standard supported by the Linux Foundation. From 27a1206f031b25041d49337cea341d9ae334f512 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Serta=C3=A7=20=C3=96zercan?= <852750+sozercan@users.noreply.github.com> Date: Fri, 24 Feb 2023 13:53:42 -0800 Subject: [PATCH 2/3] Update build/attestations/index.md Co-authored-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- build/attestations/index.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/build/attestations/index.md b/build/attestations/index.md index b9c9d02add2c..3c382071c0c6 100644 --- a/build/attestations/index.md +++ b/build/attestations/index.md @@ -49,15 +49,18 @@ You can opt in to add either the SBOM or provenance attestation type, or both. $ docker buildx build --sbom=true --provenance=true . ``` -> SBOM generation is not enabled by default. It must be opted in using `--sbom=true` option. +> **Note** > -> However, provenance generation is enabled by default with `mode=min,inline-only=true` option. +> Provenance attestations are enabled by default, with the `mode=min` option. +> You can disable provenance attestations using the `--provenance=false` flag, +> or by setting the `BUILDX_NO_DEFAULT_ATTESTATIONS` environment variable: > -> It can be disabled by setting `--provenance=false` or using `BUILDX_NO_DEFAULT_ATTESTATIONS` environment variable. +> ```console +> $ export BUILDX_NO_DEFAULT_ATTESTATION=1 +> ``` > -> If explicitly enabled using `--provenance=true`, provenance attestation is created with `mode=max` option by default. -> -> See [Provenance attestation](./slsa-provenance.md) section for more details. +> Using the `--provenance=true` flag attaches provenance attestations with `mode=max` +> by default. See [Provenance attestation](./slsa-provenance.md) for more details. BuildKit generates the attestations when building the image. The attestation records are wrapped in the in-toto JSON format and attached it to the image From fdf4d468a3e0c2e72957f076b9ac88d7c4057eb6 Mon Sep 17 00:00:00 2001 
From: Sertac Ozercan Date: Fri, 3 Mar 2023 20:26:11 +0000 Subject: [PATCH 3/3] link to env vars page Signed-off-by: Sertac Ozercan --- build/attestations/index.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/build/attestations/index.md b/build/attestations/index.md index 3c382071c0c6..a3078fd94f86 100644 --- a/build/attestations/index.md +++ b/build/attestations/index.md @@ -53,11 +53,7 @@ $ docker buildx build --sbom=true --provenance=true . > > Provenance attestations are enabled by default, with the `mode=min` option. > You can disable provenance attestations using the `--provenance=false` flag, -> or by setting the `BUILDX_NO_DEFAULT_ATTESTATIONS` environment variable: -> -> ```console -> $ export BUILDX_NO_DEFAULT_ATTESTATION=1 -> ``` +> or by setting the [`BUILDX_NO_DEFAULT_ATTESTATIONS`](../building/env-vars.md#buildx_no_default_attestations) environment variable. > > Using the `--provenance=true` flag attaches provenance attestations with `mode=max` > by default. See [Provenance attestation](./slsa-provenance.md) for more details.
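Review bot: In PATCH 1/3, the blockquote added at @@ -49,6 +49,16 @@ gives two different defaults (`mode=min,inline-only=true` when nothing is passed, `mode=max` when `--provenance=true` is passed), but it sits directly under the example `docker buildx build --sbom=true --provenance=true .`, which therefore produces the `mode=max` result and not the default one. Say so in the note, so a reader does not assume the example reflects the default behaviour. The same blockquote names `BUILDX_NO_DEFAULT_ATTESTATIONS` without saying what value to set, and the wording "It must be opted in using `--sbom=true` option" needs an article ("using the `--sbom=true` option").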
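Review bot: In PATCH 2/3, the added console example exports `BUILDX_NO_DEFAULT_ATTESTATION=1` (singular), while the sentence just above it names `BUILDX_NO_DEFAULT_ATTESTATIONS` (plural). One of the two spellings is wrong, and a reader who copies whichever one it is would expect default provenance to be off while it is still being attached. Make the example match the name used in the prose. This rewrite also drops two statements from the previous version of the note: that SBOM generation is not enabled by default, and the `inline-only=true` part of the default provenance options. If that is intentional, mention it in the commit message. Otherwise keep both, since they describe what an unflagged build actually emits.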
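Review bot: In PATCH 3/3, removing the `export` example at @@ -53,11 +53,7 @@ leaves the note with no indication of what value to set. It now relies entirely on `../building/env-vars.md#buildx_no_default_attestations`. That file is not touched anywhere in this series, so please confirm that the anchor exists there and that the target section documents the expected value. Removing the example does get rid of the singular/plural mismatch introduced in PATCH 2/3, but the statement that SBOM generation is off by default, which PATCH 2/3 dropped, is still missing from the final text.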