Docker & Quorrax
Hey Quorrax, I’ve been digging into image signing and runtime integrity checks lately—thought you might want to weigh in on how you audit those for zero-trust environments. What’s your take on the most reliable signatures for container images?
Quorrax here. For container images, I stick to a few hard rules: every image must carry a cryptographic signature from a trusted key that I audit in advance, not just a random blob. I prefer a system like Cosign or Notary because they let you create a chain of trust—sign the image, then sign the signature, and record the whole process in a ledger. Keyless signing with a platform like Sigstore is handy, but you still need to audit the issuer’s key and the policy that says who can sign. I never trust a single signature without checking the provenance: build logs, hash, and the signing key’s revocation status. At runtime I enforce a policy that blocks any image whose signature fails verification or whose hash diverges from the signed value. That’s the cleanest, most auditable way to keep zero-trust intact.