Merge remote-tracking branch 'docker.github.io/master'

_data/toc.yaml

@@ -3435,6 +3435,8 @@ manuals:
               title: Delete images
             - path: /datacenter/dtr/2.5/guides/user/manage-images/scan-images-for-vulnerabilities/
               title: Scan images for vulnerabilities
+            - title: Override a vulnerability
+              path: /datacenter/dtr/2.5/guides/user/manage-images/override-a-vulnerability/
             - path: /datacenter/dtr/2.5/guides/user/manage-images/prevent-tags-from-being-overwritten/
               title: Prevent tags from being overwritten
             - sectiontitle: Sign images

datacenter/dtr/2.5/guides/user/manage-images/override-a-vulnerability.md

@@ -0,0 +1,29 @@
+---
+title: Override a vulnerability
+description: Learn how to dismiss a vulnerability reported by the security
+  scanner, when you know it has been addressed
+keywords: registry, security scanner
+---
+
+DTR scans images for vulnerabilities. At times, however, it may report image vulnerabilities that you know have been fixed, and whenever that happens the warning can be dismissed.
+
+1. Access the DTR web interface.
+
+2. Click **Repositories** in the left-hand menu, and locate the repository that has been scanned.
+
+
+    ![](../../images/scan-images-for-vulns-3.png){: .with-border}
+
+3. Click **View details** to review the image scan results, and select **Components** to see the vulnerabilities for each component packaged in the image.
+
+4. Select the component with the vulnerability you want to ignore, navigate to the vulnerability, and click **hide**.
+
+    ![Vulnerability list](../../images/override-vulnerability-2.png){: .with-border}
+
+    Once dismissed, the vulnerability is hidden system-wide and will no longer be reported as a vulnerability on affected images with the same layer IDs or digests. In addition, DTR will not reevaluate the promotion policies that have been set up for the repository.
+
+    If after hiding a particular vulnerability you want the promotion policy for the image to be reevaluated, click **Promote**.
+
+## Where to go next
+
+* [Scan images for vulnerabilities](scan-images-for-vulnerabilities.md)

ee/ucp/swarm/index.md

@@ -8,62 +8,65 @@ redirect_from:
 
 >{% include enterprise_label_shortform.md %}
 
-You can deploy and monitor your services from the UCP web UI. In this example
-we'll deploy an [NGINX](https://www.nginx.com/) web server and make it
+You can deploy and monitor your services from the UCP web UI. In this example, we'll deploy an [NGINX](https://www.nginx.com/) web server and make it
 accessible on port `8000`.
 
-In your browser, navigate to the UCP web UI and click **Services**. On the
-**Create a Service** page, click **Create Service** to configure the
-NGINX service.
-
-Fill in the following fields:
+To deploy a single service:
 
-| Field        | Value        |
-|:-------------|:-------------|
-| Service name | nginx        |
-| Image name   | nginx:latest |
-
-![](../images/deploy-a-service-1.png){: .with-border}
+1. In your browser, navigate to the UCP web UI and click **Services**. The **Create a Service** page opens.
+2. Click **Create Service** to configure the
+NGINX service.
 
-In the left pane, click **Network**. In the **Ports** section,
-click **Publish Port** and fill in the following fields:
+3. Complete the fields according to the information provided in the following table:
 
-| Field          | Value   |
-|:---------------|:--------|
-| Target port    | 80      |
-| Protocol       | tcp     |
-| Publish mode   | Ingress |
-| Published port | 8000    |
+    | Field        | Value        |
+    |:-------------|:-------------|
+    | Service name | nginx        |
+    | Image name   | nginx:latest |
 
-![](../images/deploy-a-service-2.png){: .with-border}
+    ![](../images/deploy-a-service-1.png){: .with-border}
+4. In the left pane, click **Network**. 
+5. In the **Ports** section,
+click **Publish Port** and complete the following fields:
 
-Click **Confirm** to map the ports for the NGINX service.
+    | Field          | Value   |
+    |:---------------|:--------|
+    | Target port    | 80      |
+    | Protocol       | tcp     |
+    | Publish mode   | Ingress |
+    | Published port | 8000    |
 
-Once you've specified the service image and ports, click **Create** to
+    ![](../images/deploy-a-service-2.png){: .with-border}
+6. Click **Confirm** to map the ports for the NGINX service.
+7. Specify the service image and ports, and click **Create** to
 deploy the service into the UCP cluster.
 
-![](../images/deploy-a-service-3.png){: .with-border}
+    ![](../images/deploy-a-service-3.png){: .with-border}
 
-Once the service is up and running, you'll be able to see the default NGINX
-page, by going to `http://<node-ip>:8000`. In the **Services** list, click the
+Once the service is up and running, you can view the default NGINX
+page by going to `http://<node-ip>:8000`. In the **Services** list, click the
 **nginx** service, and in the details pane, click the link under
 **Published Endpoints**. 
 
-![](../images/deploy-a-service-4.png){: .with-border}
+    ![](../images/deploy-a-service-4.png){: .with-border}
 
 Clicking the link opens a new tab that shows the default NGINX home page. 
 
-![](../images/deploy-a-service-5.png){: .with-border}
+    ![](../images/deploy-a-service-5.png){: .with-border}
 
 ## Use the CLI to deploy the service
 
 You can also deploy the same service from the CLI. Once you've set up your
-[UCP client bundle](../user-access/cli.md), run:
+UCP client bundle, enter the following command:
 
 ```bash
 docker service create --name nginx \
   --publish mode=ingress,target=80,published=8000 \
   --label com.docker.ucp.access.owner=<your-username> \
   nginx
 ```
+For more information about UCP client bundles, see [CLI-based access](../user-access/cli.md).
 
+## Where to go next
+* [Deploy a multi-service app](https://docs.docker.com/ee/ucp/swarm/deploy-multi-service-app/)
+* [Deploy application resources to a collection](https://docs.docker.com/ee/ucp/swarm/deploy-to-collection/)