Scan all accessible images for CVEs - Inspect image layers for embedded secrets - Review Dockerfiles and build configurations - Assess base image provenance and update frequency