Container images should be deployed from trusted registries only

HIGH

Ensures that only container images from approved, trusted registries are deployed to your environment.

What does this mean?

This recommendation restricts container image deployments to approved registries only. Untrusted images may contain vulnerabilities, malware, or misconfigurations that could compromise your environment.
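As an added illustration (not part of the original recommendation page), the check below is what an admission-control step enforcing this restriction has to do: extract the registry from each image reference, defaulting to Docker Hub when no host is given, and compare it exactly against an approved list. The registry names and image references are constructed for the example; an exact match is used rather than a prefix match so that look-alike hosts are rejected.

```python
# Constructed allowlist of approved registries (hostname plus optional port).
APPROVED_REGISTRIES = {
    "contoso.azurecr.io",
    "registry.internal.example:5000",
}

DOCKER_HUB = "docker.io"  # registry implied when a reference has no host part


def registry_of(image_ref: str) -> str:
    """Return the registry host of a Docker/OCI image reference.

    The first path component is a registry only if it contains '.' or ':'
    or is 'localhost'; otherwise the image lives on Docker Hub
    (e.g. 'nginx:1.25' or 'library/nginx').
    """
    # Drop any '@sha256:...' digest so its ':' is not mistaken for a port.
    name = image_ref.split("@", 1)[0]
    first, sep, _ = name.partition("/")
    if not sep:
        return DOCKER_HUB  # single component, no registry given
    if "." in first or ":" in first or first == "localhost":
        return first.lower()
    return DOCKER_HUB  # e.g. 'library/nginx' -> namespace, not a host


def is_allowed(image_ref: str) -> bool:
    """True only when the registry is exactly one of the approved ones."""
    return registry_of(image_ref) in APPROVED_REGISTRIES


def evaluate_pod(images: list[str]) -> list[str]:
    """Return the image references in a pod spec that would be denied."""
    return [img for img in images if not is_allowed(img)]


if __name__ == "__main__":
    # Constructed pod images: one approved, one from Docker Hub, and one on a
    # look-alike host that a naive startswith() check would wrongly accept.
    pod_images = [
        "contoso.azurecr.io/payments/api:2.3.1",
        "nginx:1.25",
        "contoso.azurecr.io.lookalike.example/api:latest",
    ]
    for img in evaluate_pod(pod_images):
        print(f"DENY {img}: registry {registry_of(img)!r} is not approved")
```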

Benefits of implementation

  • Prevents deployment of unvetted or malicious container images
  • Enforces supply chain security for containers
  • Supports compliance with image provenance requirements

Drawbacks and considerations

  • Requires maintaining an approved registry list
  • May slow down development if the registry approval process is slow
  • Emergency deployments may be blocked if the registry is not on the approved list

Implementation

Implementation guidance coming soon.

Related recommendations will be linked here.

Details

Risk level: HIGH
Category: General
Frameworks: 3 frameworks
Last updated: 2026-02-12