Thanks for the share, I deal with containers and their security often.

A couple of good practices I add.

1.) if you’re going to pull from a CR/Dockerhub lock your tagged release to the specific semantic version you’re able to inspect. Pulling latest may have unintended results or introduce new things.

2.) When possible clone upstream repo on the release you like and build on your own without pulling from a CR

deleted by creator