SHA256 digest references are immutable and cannot be overwritten. Combined with image signing (cosign/Notary) and verification at deployment, this provides the strongest supply chain integrity guarantee.