Which TWO of the following are best practices for securing the container supply chain?
- A: Scan images for vulnerabilities in a CI pipeline before deploying.
  Scanning helps catch known vulnerabilities early.
- B: Use image signing and verification (e.g., with cosign) to ensure image integrity.
  Signing images ensures they have not been tampered with.
- C: Embed API keys directly in container images for authentication.
  Why wrong: Secrets in images are exposed and should be injected at runtime.
- D: Allow all images from any registry without verification to speed up development.
  Why wrong: Unverified images may contain malware or vulnerabilities.
- E: Use mutable tags like 'latest' for easier updates.
  Why wrong: Mutable tags make it impossible to guarantee which image version is running.