diff --git a/cmd/kosli/fingerprint.go b/cmd/kosli/fingerprint.go index 0eee34637..9f43c3b55 100644 --- a/cmd/kosli/fingerprint.go +++ b/cmd/kosli/fingerprint.go @@ -40,6 +40,11 @@ images in registries or "docker" for local docker images. Fingerprinting container images can be done using the local docker daemon or the fingerprint can be fetched from a remote registry. +Note: ^--artifact-type=docker^ reads the image's repo digest via the local Docker daemon, so +the image must have been pushed to or pulled from a registry. A freshly built image (just +^docker build^) does not have a repo digest. For images already in a registry, prefer +^--artifact-type=oci^ to fetch the digest directly from the registry. + ` + fingerprintDirSynopsis const fingerprintExamples = ` diff --git a/cmd/kosli/root.go b/cmd/kosli/root.go index 171ee6215..01c376817 100644 --- a/cmd/kosli/root.go +++ b/cmd/kosli/root.go @@ -42,12 +42,18 @@ const ( // the following constants are used in the docs/help fingerprintDesc = ` -The artifact fingerprint can be provided directly with the ^--fingerprint^ flag, or +The artifact fingerprint can be provided directly with the ^--fingerprint^ flag, or calculated based on ^--artifact-type^ flag. Artifact type can be one of: "file" for files, "dir" for directories, "oci" for container images in registries or "docker" for local docker images. +Note: ^--artifact-type=docker^ reads the image's repo digest via the local Docker daemon. +The image must have been pushed to or pulled from a registry for a repo digest to exist; +a freshly built image (just ^docker build^) will not have one. If the image is already in +a registry, prefer ^--artifact-type=oci^, which fetches the digest directly from the +registry without needing a local Docker daemon. + ` attestationBindingDesc = ` diff --git a/cmd/kosli/testdata/output/docs/mintlify/artifact.md b/cmd/kosli/testdata/output/docs/mintlify/artifact.md index 40d6941c5..cabada4c8 100644 
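Review bot: The added `Note:` paragraph in the fingerprint.go description recommends `--artifact-type=oci` for images already in a registry, but does not say which image the fetched digest is bound to. Presumably the oci path resolves the given image name at the registry when the command runs; if so, a tag that was re-pushed between build and fingerprinting would yield a fingerprint for a different image than the one that was built. I would append one sentence such as `When the image name uses a tag, the fingerprint is that of the image the tag points to when the command runs, so run it right after the push or use a tag that is never overwritten.` The same applies to the matching paragraph added to `fingerprintDesc` in root.go. The string constant this hunk edits starts above the hunk.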
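Review bot: The paragraph added to `fingerprintDesc` in root.go repeats the note added in fingerprint.go with different wording (only this copy says "without needing a local Docker daemon"), so the two help texts can drift apart. Consider keeping the note in one unexported constant (for example a new `dockerRepoDigestNote`) and concatenating it into both descriptions, the way fingerprint.go already appends `fingerprintDirSynopsis`. The generated docs under testdata would presumably need regenerating if the wording is unified. The `const (` block continues on both sides of the hunk.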
--- a/cmd/kosli/testdata/output/docs/mintlify/artifact.md +++ b/cmd/kosli/testdata/output/docs/mintlify/artifact.md @@ -16,12 +16,18 @@ artifact {IMAGE-NAME | FILE-PATH | DIR-PATH} [flags] Report an artifact creation to a Kosli flow. -The artifact fingerprint can be provided directly with the `--fingerprint` flag, or +The artifact fingerprint can be provided directly with the `--fingerprint` flag, or calculated based on `--artifact-type` flag. Artifact type can be one of: "file" for files, "dir" for directories, "oci" for container images in registries or "docker" for local docker images. +Note: `--artifact-type=docker` reads the image's repo digest via the local Docker daemon. +The image must have been pushed to or pulled from a registry for a repo digest to exist; +a freshly built image (just `docker build`) will not have one. If the image is already in +a registry, prefer `--artifact-type=oci`, which fetches the digest directly from the +registry without needing a local Docker daemon. + ## Flags