The registry is inside your trust boundary whether you acknowledge it or not. It's the distribution path your entire build chain depends on
Our SRE team spent three months hardening the deployment pipeline last year. Locked down every step: signed commits, SLSA builds, runtime policies, all of it.
Then audit season came and the risk team asked one question that unraveled everything where do your base images come from?Well, the answer was docker hub. Then we sat there realizing we'd never once scrutinized the single biggest supplier in our entire software supply chain. The images ship unsigned with no SBOM or provenance just blind trust.
The pipeline was hardened, the front door was steel and the back door was docker pull. And we'd built the whole thing that way for years without once calling it what it is: an unaudited third-party dependency sitting inside the trust boundary.
After trivy, liteLLM, tj-actions, all of it, figured this was worth putting out there. If you haven't asked where your base images actually come from, ask before your auditor does.