From c6b0c24cb0344e430a016a3a616f196fa4761751 Mon Sep 17 00:00:00 2001 From: aamir <32578528+syedDS@users.noreply.github.com> Date: Sun, 25 Jan 2026 11:25:20 -0500 Subject: [PATCH] Enhance container registry security guidelines Expanded the section on securing the container registry to include image signing and verification, ensuring only policy-compliant images are deployed. --- .../2-3-3-Container-Security/2-3-3-2-Container-Hardening.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/current-version/2-Process/2-3-Build/2-3-3-Container-Security/2-3-3-2-Container-Hardening.md b/current-version/2-Process/2-3-Build/2-3-3-Container-Security/2-3-3-2-Container-Hardening.md index fae61dc..42e7906 100644 --- a/current-version/2-Process/2-3-Build/2-3-3-Container-Security/2-3-3-2-Container-Hardening.md +++ b/current-version/2-Process/2-3-Build/2-3-3-Container-Security/2-3-3-2-Container-Hardening.md @@ -31,8 +31,8 @@ Utilize security features provided by container runtimes, such as SELinux, AppAr - **Monitor Container Activity** Implement logging and monitoring mechanisms to detect and respond to security incidents. Monitor container behavior, access logs, and system logs to identify any suspicious activity. -- **Secure Container Registry** -Protect container images by securing the container registry. Implement authentication, access controls, and encryption to ensure that only authorized users can access and modify container images. +- **Secure Container Registry and supply chain** +Protect container images by securing the container registry. Implement authentication, access controls, and encryption to ensure that only authorized users can access and modify container images. Thus, enforce image signing and verification (with Notary, Sigstore) and only allow deployment of signed, policy‑compliant images from approved registries into production environments ---
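Review bot: the added sentence in the replacement bullet has no terminating period and opens with "Thus", which does not follow from the preceding sentence about authentication, access controls and encryption; signing and verification are an additional control, not a consequence of those. Suggest "In addition, enforce image signing and verification (for example with Notary or Sigstore) and only allow signed, policy-compliant images from approved registries to be deployed into production environments." The new heading "Secure Container Registry and supply chain" also mixes capitalization with the neighbouring bullets such as "Monitor Container Activity"; use "Secure Container Registry and Supply Chain". Finally, the text says to enforce verification but not where: consider stating that verification is enforced at deploy or admission time in the target environment, since an image that carries a signature in the registry but is never verified at the point of use does not give the protection the bullet describes.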