# Container & Artifact Security Container & Artifact Security secures the software components — container images, binaries, packages, libraries, and build outputs — that are built, stored, and deployed across the delivery pipeline. In modern DevOps environments, these components form the backbone of the software supply chain. Any vulnerability, misconfiguration, or malicious code embedded here can propagate across every environment the artifact is deployed to — at scale and without warning. Unlike traditional application models, containerized workloads are **built once and deployed many times**. A vulnerability in a base image or a compromised dependency can replicate silently across development, staging, and production — making it critical to validate every component at the source, before it ever enters the pipeline. {% hint style="info" %} Container & Artifact Security in OpsMx acts as the build-time and supply chain control point — ensuring that what gets deployed is not only functional but secure, trusted, and compliant. {% endhint %} ## Why Container & Artifact Security Is Used in OpsMx OpsMx uses Container & Artifact Security in Delivery Shield to: * **Validate every image and artifact before deployment** — blocking vulnerable or untrusted components from advancing through the pipeline * **Protect the software supply chain** — detecting compromised dependencies, tampered artifacts, and hidden malicious code * **Generate SBOMs for every artifact** — providing complete component transparency in CycloneDX and SPDX formats * **Enforce deployment gates** — Trivy and Grype scan results feed directly into the Deployment Firewall for automated block/allow decisions * **Continuously monitor deployed images** — not just at build time, but in running environments as new CVEs are published. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opsmx.com/code-to-cloud-security-and-scanners/container-and-artifact-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.