Risks

Unverified Artifacts in Container Images

Artifacts (files, libraries, or binaries) included in container images can pose significant security risks if they come from unknown or untrusted sources. Without proper verification, such artifacts carry two risks:

Undesirable Features or Malicious Code: Artifacts from uncontrolled sources may include hidden vulnerabilities, malware, or backdoors, which can compromise the security and integrity of the environment.

Unknown Origins: There is often no way to verify how or by whom the artifacts were created, making it difficult to trust their contents. This lack of provenance can expose production systems to unintended risks, including data breaches and compromised services.

To mitigate these risks, verifying artifacts before they are included in production images is critical.
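One way to enforce this before a build, as an added example that is not part of the original page: a gate that checks every file in a staging directory against pinned SHA-256 digests and fails closed on anything unlisted, missing, altered, or symlinked. The function names, the staging layout and the pinned manifest (assumed to be reviewed and kept in version control) are hypothetical, and the sample files are constructed.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_staging(staging: Path, pinned: dict[str, str]) -> list[str]:
    """Return violations; an empty list means the directory may be copied into the image."""
    problems: list[str] = []
    present: dict[str, Path] = {}
    for path in sorted(staging.rglob("*")):
        name = path.relative_to(staging).as_posix()
        if path.is_symlink():
            # A symlink could pull in content from outside the reviewed directory.
            problems.append(f"symlink not allowed: {name}")
        elif path.is_file():
            present[name] = path
    for name in sorted(present.keys() - pinned.keys()):
        problems.append(f"unlisted artifact: {name}")
    for name, expected in sorted(pinned.items()):
        if name not in present:
            problems.append(f"missing artifact: {name}")
        elif sha256_file(present[name]) != expected.lower():
            problems.append(f"digest mismatch: {name}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: one pinned artifact, then tampering plus an unlisted file."""
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp)
        content = b"constructed sample artifact\n"
        (staging / "app.bin").write_bytes(content)
        pinned = {"app.bin": hashlib.sha256(content).hexdigest()}
        clean = verify_staging(staging, pinned)
        (staging / "app.bin").write_bytes(b"tampered\n")
        (staging / "extra.so").write_bytes(b"not in manifest\n")
        return clean, verify_staging(staging, pinned)


if __name__ == "__main__":
    print(demo())
```

A digest pin covers integrity only; establishing who produced an artifact additionally requires a signature or attestation check against a trusted key.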