CoursesSoftware supply chain in depthAdmission & pipeline hardening

Registry security

Push control, immutable tags, trust the digest.

Advanced25 min · lesson 14 of 15

The registry sits between build and deploy, holding every artifact your cluster trusts. Hardening it — controlling who can push, making tags immutable, and keeping trust anchored to digests — closes the gap between a verified build and a verified deploy.

Access control and immutability

Treat the registry as a high-value system: tightly scope who and what can push (ideally only your CI pipeline’s identity), so an attacker cannot simply upload a malicious image under a trusted name. Enable tag immutability so a published tag cannot be silently overwritten with different content — a common way tampering slips past teams that pin to tags. Run a private registry for internal artifacts rather than depending on a public one you do not control, and apply the same signature and scan gates on pull that you apply at admission.

push by CI only, immutable tags, pull by digest
# Registry hardening (conceptual):
# - push: only the CI OIDC identity has write; humans cannot push to prod repos
# - tags: immutable — a published tag cannot be overwritten
# - pull: workloads reference images by DIGEST, not by tag
# Deploy manifests reference the immutable digest, not a mutable tag:
image: registry.acme.internal/api@sha256:9f2c... # not :latest
# Combined with admission verification, only the exact verified bytes ever run.

Anchor trust in digests, not names

A registry name and tag are convenience labels, not trust signals — the same tag can point to different content over time, and names can be typosquatted or confused. Anchor everything in the immutable digest: sign by digest, attest by digest, deploy by digest, and verify by digest. Mirror or vendor critical external base images into your controlled registry so an upstream change or deletion cannot break or subvert your builds, and re-scan what you store as new vulnerabilities emerge. The registry becomes a controlled, auditable trust boundary rather than a pass-through.

A hardened registry
control
push by CI identity only
no rogue uploads
immutable tags
no silent overwrite
anchor + maintain
trust the digest
sign/attest/deploy/verify by digest
mirror base images
control external inputs
re-scan stored artifacts
catch new CVEs
Lock down push, freeze tags, and make the digest the unit of trust. The registry is a boundary to control, not a pass-through.
Mutable tags quietly break every downstream guarantee
If a published tag can be overwritten, then signatures, scans, and reviews done against "that tag" no longer apply to what the tag now points to. Enable tag immutability and reference images by digest everywhere — otherwise your verification checked a moving target.