PAW Documentation

We need to justify PAW's infrastructure and security requirement due to its super complicated infrastructure requirement, most IT department from mega-size companies to SME cannot understand how PAW actually work and approve the PAW's infrastructure.

Looking at the current documentation provided, it cannot explain the following:

1. Is PAW even safe to use or did IBM put in any code to sniff any content in customers' network? We probably know IBM will not do that, but how to proof? Customers are requesting to put docker to scanning, but due to its super complicated infrastructure, it is not possible to tell how to extract and we cannot guarantee if the scanning software is supported or not. At the same time, IBM cannot provide any documentation or Tech Note to address security concerns.

2. Infrastructure, it comes with docker and docker compose, which version? Any licensing implication to docker and docker compose? Did IBM has any agreement with docker that it is free to use? Which version of docker and docker compose that comes with PAW? How does the component working together?

3. Documentation of each micro-services, many of them just one-liner to describe what the service do, there isn't any Tech Note or documentations to describe properly on each micro-services, this is the best documentation available: https://www.pantarhei.at/wp-content/uploads/2018/06/PAW-Local-Distributed-Soufiane-Azizi.pdf, but it wasn't updated neither, the services describe is way too simple for such a big investment on PAW.

4. Will the communication between each micro-services safe? Possible to get sniff by any other applications? Any encryption being done for the data transmission between each containers? If yes, what type of encryption? Is this up to industry standard?