Why a “protected repo”? Modern teams depend on public container images, yet most environments lack a single, auditable control point for what gets pulled and when. This often leads to three operational challenges: Inconsistent or improvised base images that drift across teams and pipelines. Exposure to new CVEs when tags remain unchanged but upstream content...