Docker - Security - Sign and verify images to mitigate MITM attacks
It is critical to make sure the image we’re pulling is the one pushed by the publisher, and that no one has tampered with it.
- Sign your images with the help of Notary.
- Verify the trust and authenticity of the images you pull.
Tampering may occur over the wire, between the Docker client and the registry, or by compromising the owner's account on the registry in order to push a malicious image to it.
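One way to enforce the verification step in a CI job, as an added example that is not part of the original page: the function compares the digest of a pulled image with the digest signed in Notary, using the JSON printed by `docker trust inspect` and the `RepoDigests` list from `docker image inspect`. The repository `example.test/app`, the signer `alice` and all digests are constructed sample values.

```python
import json

# Constructed sample of `docker trust inspect example.test/app` output (not real data).
SAMPLE_TRUST = json.dumps([{
    "Name": "example.test/app",
    "SignedTags": [
        {"SignedTag": "1.0", "Digest": "ab" * 32, "Signers": ["alice"]},
    ],
}])


def check_image(trust_json, tag, repo_digests, required_signers=()):
    """Return (ok, reason) for a pulled image checked against its trust data.

    trust_json   -- JSON text printed by `docker trust inspect <repo>`
    repo_digests -- RepoDigests from `docker image inspect` ("repo@sha256:<hex>")
    """
    try:
        repos = json.loads(trust_json)
    except ValueError:
        return False, "trust data is not valid JSON"
    if not isinstance(repos, list):
        return False, "unexpected trust data layout"
    # Find the signed entry for the tag we pulled; an unsigned tag is a failure.
    entry = next((t for r in repos if isinstance(r, dict)
                  for t in r.get("SignedTags") or []
                  if t.get("SignedTag") == tag), None)
    if entry is None:
        return False, f"tag {tag!r} has no signature"
    # Optionally require specific signers (e.g. the release key holder).
    missing = set(required_signers) - set(entry.get("Signers") or [])
    if missing:
        return False, "missing signer(s): " + ", ".join(sorted(missing))
    # The content actually pulled must be the content that was signed.
    signed = "sha256:" + str(entry.get("Digest", "")).lower()
    local = {d.rpartition("@")[2].lower() for d in repo_digests}
    if signed not in local:
        return False, "pulled digest does not match the signed digest"
    return True, "digest matches signed tag"


if __name__ == "__main__":
    good = ["example.test/app@sha256:" + "ab" * 32]      # constructed
    tampered = ["example.test/app@sha256:" + "cd" * 32]  # constructed
    for tag, digests in (("1.0", good), ("1.0", tampered), ("latest", good)):
        print(tag, check_image(SAMPLE_TRUST, tag, digests, ["alice"]))
```

Setting `DOCKER_CONTENT_TRUST=1` in the client environment makes `docker pull` itself refuse unsigned tags; a check like this one adds a signer requirement and an explicit digest comparison on top.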
docker/security/sign_and_verify_images_to_mitigate_mitm_attacks.1587239427.txt.gz · Last modified: 2020/07/15 09:30 (external edit)