Try to get the offline docs to be similar - Container Scanning

What does this MR do?

Related issues

Author's checklist

• Follow the Documentation Guidelines and Style Guide.
• If applicable, update the permissions table.
• Link docs to and from the higher-level index page, plus other related docs where helpful.
• Apply the documentation label.

Review checklist

All reviewers can help ensure accuracy, clarity, completeness, and adherence to the Documentation Guidelines and Style Guide.

1. Primary Reviewer

• Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes.

2. Technical Writer

• Optional: Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable DevOps stage.

3. Maintainer

1. Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
2. Ensure a release milestone is set.
3. If there has not been a technical writer review, create an issue for one using the Doc Review template.

doc/user/application_security/container_scanning/index.md

@@ -212,11 +212,44 @@ If you want to whitelist specific vulnerabilities, you'll need to:
 
 ### Running Container Scanning in an offline environment
 
-Container Scanning can be executed on an offline GitLab Ultimate installation by using the following process:
+For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
+to external resources via the internet, some adjustments are required for the Container Scanning job to
+successfully run. For more information, see [Offline deployments](../offline_deployments/index.md).
 
-1. Host the following Docker images on a [local Docker container registry](../../packages/container_registry/index.md):
-   - [arminc/clair-db vulnerabilities database](https://hub.docker.com/r/arminc/clair-db)
-   - GitLab klar analyzer: `registry.gitlab.com/gitlab-org/security-products/analyzers/klar`
+#### Requirements for offline Container Scanning
+
+To use Container Scanning in an offline environment, you need:
+
+- GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
+- To configure a local Docker Container Registry with copies of the Container Scanning [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/klar) images, found in the [Container Scanning container registry](https://gitlab.com/gitlab-org/security-products/analyzers/klar/container_registry).
+
+NOTE: **Note:**
+GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
+meaning the runner may try to pull remote images even if a local copy is available. Set GitLab
+Runner's [`pull_policy` to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy)
+in an offline environment if you prefer using only locally available Docker images.
+
+#### Make GitLab Container Scanning analyzer images available inside your Docker registry
+
+For Container Scanning, import and host the following images from `registry.gitlab.com` to your "offline" [local Docker container registry](../../packages/container_registry/index.md):
+     - [arminc/clair-db vulnerabilities database](https://hub.docker.com/r/arminc/clair-db)
+     - GitLab klar analyzer: `registry.gitlab.com/gitlab-org/security-products/analyzers/klar`
+
+The process for importing Docker images into a local offline Docker registry depends on
+**your network security policy**. Please consult your IT staff to find an accepted and approved
+process by which external resources can be imported or temporarily accessed.
+
+Note that these scanners are [updated periodically](../index.md#maintenance-and-update-of-the-vulnerabilities-database)
+with new definitions, so consider if you are able to make periodic updates yourself.
+You can read more specific steps on how to do this [below.](#automating-container-scanning-vulnerability-database-updates-with-a-pipeline)
+
+For details on saving and transporting Docker images as a file, see Docker's documentation on
+[`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
+[`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
+
+#### Set Container Scanning CI job variables to use local Container Scanner analyzers
+
+Container Scanning can be executed on an offline GitLab Ultimate installation using the following process:
 
 1. [Override the container scanning template](#overriding-the-container-scanning-template) in your `.gitlab-ci.yml` file to refer to the Docker images hosted on your local Docker container registry:
 
@@ -234,7 +267,9 @@ Container Scanning can be executed on an offline GitLab Ultimate installation by
    self-signed certificate, then you must set `DOCKER_INSECURE: "true"` in the above
    `container_scanning` section of your `.gitlab-ci.yml`.
 
-It may be worthwhile to set up a [scheduled pipeline](../../../ci/pipelines/schedules.md) to automatically build a new version of the vulnerabilities database on a preset schedule. You can use the following `.gitlab-yml.ci` as a template:
+#### Automating Container Scanning vulnerability database updates with a pipeline
+
+It can be worthwhile to set up a [scheduled pipeline](../../../ci/pipelines/schedules.md) to automatically build a new version of the vulnerabilities database on a preset schedule. Automating this with a pipeline means you won't have to manually do it each time. You can use the following `.gitlab-yml.ci` as a template:
 
 ```yaml
 image: docker:stable