Add documentation for default account runner images

michieldewilde · michieldewilde · commit 12290e80ecd7 · 2025-10-27T16:26:00.000+01:00
diff --git a/docs/assets/screenshots/runtime-security.png b/docs/assets/screenshots/runtime-security.png
diff --git a/docs/concepts/configuration/runtime-configuration/README.md b/docs/concepts/configuration/runtime-configuration/README.md
@@ -104,7 +104,10 @@ Project root is the path of your project directory inside the Hub repository. Yo
 ### `runner_image` setting
 
 !!! info
-    Defaults to [**`public.ecr.aws/spacelift/runner-terraform:latest`**](https://gallery.ecr.aws/spacelift/runner-terraform){: rel="nofollow"}. See [this section](../../../integrations/docker.md) for more details.
+    There are multiple ways that the default runner image can be defined.
+    If there is no runner image set in the runtime configuration file, Spacelift will look at the stack configuration.
+    If there is no runner image set in the stack configuration, Spacelift will use the default runner image specified on the account level. see [Account default runner image](../../../integrations/docker.md#account-default-runner-images) for more details.
+    If there is no account-level default runner image set, Spacelift will default to [**`public.ecr.aws/spacelift/runner-terraform:latest`**](https://gallery.ecr.aws/spacelift/runner-terraform){: rel="nofollow"}. See [this section](../../../integrations/docker.md) for more details.
 
 The runner image is the Docker image used to run your workloads. By making it a runtime setting, Spacelift allows testing the image before it modifies your infrastructure.
 
diff --git a/docs/integrations/docker.md b/docs/integrations/docker.md
@@ -18,6 +18,15 @@ By default, Spacelift uses the latest version of the[`public.ecr.aws/spacelift/r
 !!! note
     The reason we have separate images for cloud providers is that the `gcloud` and `az` CLIs are enormous and we don't want to bloat the default image with them.
 
+## Account Default runner images
+
+You can set default runner images at the account level.
+This option can be found in the Organization Settings → Runtime Security section.
+These defaults will be used for all stacks in the account that do not have a specific runner image set.
+You can set different defaults for stacks running on public and private worker pools.
+
+![](../assets/screenshots/runtime-security.png)
+
 ## Allowed registries on public worker pools
 
 On public worker pools, only Docker images from the following registries are allowed to be used for runner images:
diff --git a/docs/product/changelog.md b/docs/product/changelog.md
@@ -8,7 +8,7 @@ description: Find out about the latest changes to Spacelift.
 
 ### Features
 
-- **Global default runner images** — Added support for global default runner images. These defaults can be set in the Organization Settings → Runtime Security. There are separate defaults for stacks running on private and public worker pools.
+- **Account default runner images** — Added support for account default runner images. See the [runtime security](../integrations/docker.md#account-default-runner-images) for more information.
 
 ## 2025-10-17
 
