Your company maintains several open-source projects and stores Docker container images in a public registry so that outside contributors can test builds. Management wants to reduce the risk that threat actors could harvest sensitive data from these publicly available images. Which preventative control should the DevOps team implement as the top priority?
Remove older images on a frequent basis to free space
Adopt a single branch for simpler conflict resolution
Review container tags for consistent naming across versions
Scan uploaded images for passwords or other credentials
Secrets frequently leak when build scripts copy configuration files or environment variables into image layers. Automated image-scanning tools can detect passwords, API keys, database connection strings, and other credentials before the image is published, eliminating the most severe misuse and data-exposure risk at the point where it would otherwise become public. Consistent tagging, a single-branch strategy, and pruning old images improve organization or storage economy, but none of them directly prevents sensitive information from being exposed.