Docker images are made of layers, and integrity checks don’t always catch tampering. The gh0stEdit attack shows how malicious code can hide inside image layers while the manifest still looks valid. This creates silent risks in CI/CD pipelines and registries. The fix? Rebuild, sign, scan, enforce, and monitor your images to protect the container supply chain.
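
As an added example (not code from the original page or from the gh0stEdit authors), the sketch below shows why a manifest that "looks valid" is not enough on its own: a self-consistency check passes on a changed image, while comparison against digests pinned at build time flags the changed layer. It assumes, for illustration only, that whoever changed the layer also regenerated the manifest; the function names, the baseline format and the sample blobs are hypothetical and constructed.

```python
import hashlib
import json

def sha256_digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def build_manifest(blobs):
    """Minimal OCI-style manifest: one descriptor (digest, size) per layer blob."""
    return {"schemaVersion": 2,
            "layers": [{"digest": sha256_digest(b), "size": len(b)} for b in blobs]}

def manifest_digest(manifest) -> str:
    # Assumption: canonical JSON stands in for the raw manifest bytes a
    # registry serves, which is what a real manifest digest is computed over.
    raw = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return sha256_digest(raw)

def self_consistent(manifest, blobs) -> bool:
    """True if every blob matches the digest and size its descriptor declares."""
    layers = manifest["layers"]
    return len(layers) == len(blobs) and all(
        d["digest"] == sha256_digest(b) and d["size"] == len(b)
        for d, b in zip(layers, blobs))

def changed_layers(manifest, baseline):
    """Indexes of layers whose digest differs from, or is absent in, the baseline."""
    current = [d["digest"] for d in manifest["layers"]]
    pinned = baseline["layers"]
    diff = [i for i, (c, p) in enumerate(zip(current, pinned)) if c != p]
    shorter, longer = sorted((len(current), len(pinned)))
    return diff + list(range(shorter, longer))

def audit(manifest, blobs, baseline):
    return {"self_consistent": self_consistent(manifest, blobs),
            "manifest_pinned_ok": manifest_digest(manifest) == baseline["manifest"],
            "changed_layers": changed_layers(manifest, baseline)}

# Constructed sample: byte strings stand in for layer tarballs.
TRUSTED_LAYERS = [b"base-os", b"app-deps", b"app-code"]
TRUSTED_MANIFEST = build_manifest(TRUSTED_LAYERS)
# Baseline recorded at build time (hypothetical format).
BASELINE = {"manifest": manifest_digest(TRUSTED_MANIFEST),
            "layers": [d["digest"] for d in TRUSTED_MANIFEST["layers"]]}

# Same image later: layer 1 differs and the manifest was regenerated to match.
PULLED_LAYERS = [b"base-os", b"app-deps+extra", b"app-code"]
PULLED_MANIFEST = build_manifest(PULLED_LAYERS)

if __name__ == "__main__":
    print(audit(PULLED_MANIFEST, PULLED_LAYERS, BASELINE))
```

In a pipeline, the baseline would come from a signed build record, and a non-empty `changed_layers` result would block deployment.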