Security scans should:
Fail builds on HIGH/CRITICAL issues
Run automatically
Be enforced before deployment
Trivy scans every image before it's pushed or deployed.
This shifts security left in the SDLC.
Securing Docker Image Distribution
Container registries are part of your attack surface.
Measures used:
Jenkins credentials manager
Scoped DockerHub tokens
No plaintext secrets
Supply chain security is a DevSecOps responsibility.
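A declarative Jenkinsfile that ties the two points above together, the Trivy gate before any push and the registry login drawn from the Jenkins credentials manager, as an added example rather than the post's own pipeline. The image name, credential id `dockerhub-scoped-token` and the `example-org/myapp` namespace are assumptions; the `trivy` and `docker` flags are the tools' real options.

```groovy
pipeline {
    agent any
    environment {
        // Assumed image name; the tag is the Jenkins build number.
        IMAGE = "example-org/myapp:${env.BUILD_NUMBER}"
    }
    stages {
        stage('Build') {
            steps {
                sh 'docker build -t "$IMAGE" .'
            }
        }
        stage('Scan') {
            steps {
                // Gate: Trivy exits 1 on any HIGH/CRITICAL finding, so the
                // build fails here and the Push stage never runs.
                sh 'trivy image --exit-code 1 --severity HIGH,CRITICAL --no-progress "$IMAGE"'
            }
        }
        stage('Push') {
            steps {
                // Credentials come from the Jenkins credentials manager; the
                // stored secret is a scoped DockerHub access token, not the
                // account password, and never appears in the Jenkinsfile.
                withCredentials([usernamePassword(credentialsId: 'dockerhub-scoped-token',
                                                  usernameVariable: 'REG_USER',
                                                  passwordVariable: 'REG_TOKEN')]) {
                    // --password-stdin keeps the token out of argv and the console log.
                    sh '''
                        echo "$REG_TOKEN" | docker login -u "$REG_USER" --password-stdin
                        docker push "$IMAGE"
                    '''
                }
            }
        }
    }
    post {
        always {
            // Drop the cached registry session on the agent whatever the outcome.
            sh 'docker logout || true'
        }
    }
}
```

Because the shell strings are single-quoted Groovy strings, `$IMAGE`, `$REG_USER` and `$REG_TOKEN` are expanded by the shell from the environment, not interpolated into the pipeline script, which is what keeps the token out of the build log.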