Understanding software supply chain security is one thing. Putting it into practice across a real pipeline, with real deadlines and real constraints, is another. Most organizations recognize that their software supply chain is a growing attack surface, but translating that awareness into concrete, repeatable practices is where the work gets difficult.
But why should your team tackle this now? According to Sonatype, over 99% of open source malware identified in 2025 occurred on npm. And the first self-replicating npm worm emerged, spreading autonomously across developer environments and compromising hundreds of packages within days. Meanwhile, Verizon’s 2025 Data Breach Investigations Report found that the share of breaches involving third parties doubled year-over-year to 30%.
This guide focuses on those practices that matter most for teams building and shipping container-based workloads. It’s organized around five categories that follow the natural flow of software delivery: trusted content, build security, pre-deployment verification, access and policy controls, and continuous monitoring. This way, your team can be better equipped to protect your software supply chain in the wake of increasingly automated and sophisticated attacks.
Key takeaways
- Start from trusted, minimal base images and pin all dependencies by digest to eliminate upstream drift.
- Verify build provenance with cryptographic attestations and generate SBOMs at every build.
- Integrate vulnerability analysis into developer workflows and enforce policy-driven access controls across registries and pipelines.
- The most effective programs treat supply chain security as an engineering discipline, not a compliance checkbox.
1. Start with trusted content
Choose verified, minimal base images
Every container image inherits the security posture of its base image. If that foundation contains unpatched vulnerabilities, outdated libraries, or components you do not need, those risks propagate into every image built on top of it. The first and highest-leverage supply chain practice is selecting base images that are minimal, continuously maintained, and verifiably built.
Look for base images that ship with complete SBOMs, provenance attestations at SLSA Build Level 3, and cryptographic signatures you can verify before deployment. Minimal images reduce attack surface by removing shells, package managers, and utilities that production workloads rarely need but attackers frequently exploit.This is where hardened, provenance-verified base images become a foundational practice. Rather than maintaining custom hardening scripts for each base image, teams can start from images that are rebuilt from source with full transparency into how they were produced.
Pin dependencies and verify integrity
Dependency pinning is a deceptively simple practice that prevents a category of supply chain attacks. When a Dockerfile references a tag like python:3.12, that tag can point to a different image digest tomorrow than it does today. A compromised or accidental change upstream flows silently into your builds.
Pin container images by SHA256 digest, not by tag. Pin language-level dependencies (npm, pip, Maven) to exact versions with lock files, and verify the integrity of those lock files in CI. If your build system pulls a dependency and the hash does not match what was committed, the build should fail.
- Scenario spotlight: Consider a team that builds nightly from a :latest-tagged base image. One morning, a routine build deploys to staging and integration tests start failing. The root cause: an upstream package update in the base image introduced a breaking change. With digest pinning and explicit upgrade workflows, this class of problem disappears entirely, and so does the more dangerous variant where a malicious change slips in unnoticed.
2. Secure the build pipeline
Enforce build provenance and attestation
Build provenance answers a question that SBOMs alone cannot: where was this artifact built, by what system, and from what source? Without provenance, you can verify what’s in an image but not whether the build environment itself was trustworthy.
The SLSA framework defines progressive levels of build integrity, from basic provenance documentation at Level 1 through hardened, tamper-resistant build platforms producing non-falsifiable provenance at Level 3. At minimum, builds should generate signed provenance attestations that link every artifact back to its source commit, build configuration, and builder identity.
In practice, this means configuring your CI/CD system to produce SLSA provenance attestations (typically expressed using the in-toto attestation format) alongside every image build. These attestations become the cryptographic evidence that your deployment policies can verify before allowing an image into production.
Harden CI/CD infrastructure
The build pipeline itself is a high-value target. If an attacker compromises your CI/CD system, they can inject malicious code into every artifact you produce, and your existing checks may not catch it because the malicious modification happens after the source code review.
Key hardening practices include:
- Isolate build environments so each job runs in a fresh, ephemeral context with no residual state from previous builds.
- Limit the secrets available to build jobs to the minimum required.
- Pin GitHub Actions and other CI plugins to full commit SHAs rather than mutable tags.
- Enforce branch protection rules that require code review and passing status checks before any merge to a release branch.
CISA emphasizes build system integrity as a foundational element of supply chain assurance. If you cannot trust the system that produced an artifact, no amount of post-build scanning will compensate.
3. Verify before you deploy
Generate and consume SBOMs continuously
A software bill of materials is only useful if it’s accurate, current, and integrated into your decision-making. Generating an SBOM once at release time and filing it away satisfies a compliance requirement but provides minimal security value.
The more effective practice is generating SBOMs at every build, attaching them to the image as attestations, and consuming them downstream in admission controllers, vulnerability scanners, and license compliance checks. When a new CVE drops, teams with current SBOMs can determine in minutes which running workloads are affected. Teams without them start a multi-day forensic exercise.
Pairing SBOMs with exploitability data (VEX) adds another layer of actionability. VEX documents indicate whether a vulnerability in your SBOM is actually exploitable in the context of your specific image, reducing the noise that causes alert fatigue and helps teams focus remediation on the vulnerabilities that actually matter.
Integrate vulnerability analysis into developer workflows
Vulnerability scanning is most effective when it surfaces results where developers are already working, not in a security dashboard that gets checked once a sprint. Shifting analysis into the inner development loop means flagging issues at build time, in pull requests, and during local development, well before an image reaches a registry.
This is where continuous vulnerability analysis integrated into the developer workflow becomes essential. Rather than batching scan results into weekly reports, effective programs surface findings alongside the code change that introduced them, with actionable remediation guidance.
The NIST Secure Software Development Framework (SSDF) reinforces this pattern. Practice PW.7 recommends that organizations review and analyze human-readable code to identify vulnerabilities and verify compliance with security requirements. Automated analysis integrated into CI/CD is the scalable implementation of that guidance.
4. Control access and enforce policy
Manage registry access and image policies
Your container registry is the distribution point for every image your organization runs. If developers can pull any image from any public registry without restriction, the supply chain extends to every maintainer of every image they choose to use.
Implement registry access controls that restrict which images are approved for use, enforce that all images come from verified publishers or internal builds, and require signature verification before any image enters production. Image access management policies ensure that teams can experiment freely in development while production environments consume only vetted, policy-compliant images.
- Scenario spotlight: Medplum, a healthcare developer platform helping customers meet HIPAA and HITRUST requirements, migrated their container foundation to Docker Hardened Images with just 54 lines added and 52 removed across their codebase. The result was a dramatically reduced CVE count, non-root execution by default, and no shell access in production. They also got a cleaner story to tell their auditors. Instead of explaining custom hardening scripts and per-CVE exception documentation, the team can point to documented hardening methodology and SLSA Build Level 3 provenance.
Apply least privilege across the pipeline
Supply chain attacks frequently exploit over-permissioned service accounts, CI tokens with broad scope, or shared credentials that provide more access than any single job requires. Applying least privilege to your delivery pipeline means scoping every credential, token, and API key to the minimum permissions needed for its specific task.
CISA specifically recommends phishing-resistant multi-factor authentication on all developer and CI/CD accounts. Beyond authentication, ensure that build service accounts cannot push to production registries, that deployment tokens cannot modify build configurations, and that no single credential grants access to both source code and production infrastructure.
5. Monitor, respond, and improve
Implement runtime monitoring
Static analysis and build-time scanning catch the threats you anticipate. Runtime monitoring catches the ones you did not. When a supply chain compromise makes it past your pre-deployment controls, runtime anomaly detection is the layer that identifies unexpected behavior: new network connections from a container that should not make outbound calls, file system modifications in an immutable image, or process execution patterns that diverge from the image’s normal profile.
Effective runtime monitoring for supply chain security goes beyond traditional application performance monitoring. It requires baseline behavioral profiles for your container workloads and alerting that triggers on deviation, not just on known-bad signatures. This is particularly important for detecting compromised dependencies that behave normally during testing but activate malicious behavior under specific runtime conditions.
Build incident response into your supply chain program
When a supply chain incident occurs, response speed depends on preparation. Teams that have practiced their response to a compromised dependency, a malicious base image update, or a build system breach respond in hours. Teams that have not practiced these scenarios scramble for days.
Your incident response plan should include procedures for:
- Identifying which artifacts were produced from compromised components (this is where provenance and SBOMs pay for themselves)
- Revoking and rotating credentials that may have been exposed
- Rebuilding affected images from verified sources
- Communicating with downstream consumers of your software
Best practices at a glance
|
Software supply chain practice |
What it looks like in production |
|
Trusted base images |
All production images built from minimal, signed, provenance-verified base images with near-zero CVEs |
|
Dependency pinning |
Container images pinned by digest; language dependencies locked to exact versions with hash verification |
|
Build provenance |
Every artifact ships with signed SLSA attestations linking it to its source, builder, and build configuration |
|
CI/CD hardening |
Ephemeral build environments, pinned CI plugins, scoped secrets, branch protection enforced |
|
Continuous SBOMs |
SBOMs generated at every build, attached as attestations, consumed by admission and scanning tools |
|
Developer-integrated scanning |
Vulnerability analysis in PRs, local builds, and CI with actionable remediation guidance |
|
Registry access management |
Image pull policies restrict production to approved, signature-verified images from vetted sources |
|
Least privilege |
Pipeline credentials scoped per job; phishing-resistant MFA on all developer and CI/CD accounts |
|
Runtime monitoring |
Behavioral baselines for containers with alerts on anomalous network, filesystem, and process activity |
|
Incident response |
Documented, practiced playbooks for supply chain scenarios with provenance-backed blast radius analysis |
Getting started
Building a software supply chain security program is iterative work. The practices in this guide represent the larger picture, but the path there is incremental. Start with the foundation: trusted base images and dependency integrity. Layer in build provenance and SBOMs. Then expand into policy enforcement, developer-integrated scanning, and runtime monitoring as your program matures.
Docker Hardened Images provide a ready-made foundation for teams implementing these practices. Thousands of minimal, continuously rebuilt images ship with SLSA Build Level 3 provenance, signed SBOMs, and OpenVEX exploitability data, giving you a trusted starting point without the overhead of maintaining custom hardening pipelines. An independent assessment by SRLabs validated DHI’s provenance chain, signing model, and vulnerability management workflow, and continuous hardening practices.
Pair that with Docker Scout for continuous vulnerability analysis integrated directly into your development workflow, and you have the core tooling to support a supply chain security program that scales with your engineering organization.
Explore our full catalog of hardened images and start replacing your base images today.
Frequently asked questions
What’s the most important software supply chain security best practice?
Starting from trusted, minimal base images has the highest leverage because it reduces the attack surface for everything built on top. A single vulnerable component in a base image can propagate across hundreds of downstream images and workloads.
How do SBOMs and build provenance work together?
An SBOM tells you what’s inside an artifact. Build provenance tells you where and how it was built. Together, they provide the transparency needed to assess whether an artifact is trustworthy and to quickly identify affected workloads when a vulnerability or compromise is discovered.
How does the SLSA framework relate to supply chain best practices?
SLSA (Supply Chain Levels for Software Artifacts) provides a progressive maturity model for build integrity. It gives teams a clear path from basic provenance documentation toward hardened, isolated build platforms with non-falsifiable provenance. Future iterations of the spec are expected to extend coverage into areas like hermeticity, reproducibility, and source integrity.
What is the difference between vulnerability scanning and runtime monitoring
Vulnerability scanning identifies known weaknesses in code and dependencies before deployment. Runtime monitoring detects unexpected behavior in running workloads, catching compromises that scanning missed or that activate only under specific conditions.
Where should teams start if they have no supply chain security program today?
Start with base image selection and dependency pinning. These two practices are relatively low-effort to implement and immediately reduce your exposure to the most common supply chain attack vectors. From there, add SBOM generation and build provenance to build the visibility needed for everything else.
