@hannes-ucsc: "The images are currently pulled and run using a tag image reference. We have to pull by tag image ref, but we can run them using the image ID. We control the tags in ECR and we already make sure that the tag refers to the expected image (this happens when we mirror the image during the deployment of the shared component). In other words, this is just an additional assertion rather than mitigating a flaw."
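One way to express the pull-by-tag, run-by-ID assertion described in the comment above, as an added example that is not the project's own code. The function names are hypothetical, and the tag reference and expected image ID are assumed to be supplied by the caller (for instance, recorded when the image was mirrored).

```bash
# Added example: pull by tag, assert the image ID, then run by ID.
# Function names are hypothetical; the caller supplies the tag reference
# and the expected image ID.
# Note: the image ID is the hash of the local image config. It is not the
# registry manifest digest that appears in RepoDigests.

# Print the local image ID (sha256:...) for an image reference.
image_id() {
    docker image inspect --format '{{.Id}}' "$1"
}

# Pull $1 (a tag reference) and assert its ID equals $2.
# Prints the ID on success; on failure prints nothing and returns non-zero:
#   1 = pull or inspect failed, 2 = malformed expected ID, 3 = ID mismatch.
pull_and_verify() {
    local ref="$1" expected="$2" actual
    case "$expected" in
        sha256:*) ;;
        *) echo "expected ID must be a sha256: value" >&2; return 2 ;;
    esac
    docker pull --quiet "$ref" >/dev/null || return 1
    actual="$(image_id "$ref")" || return 1
    if [ "$actual" != "$expected" ]; then
        echo "image ID mismatch for $ref: got $actual, expected $expected" >&2
        return 3
    fi
    printf '%s\n' "$actual"
}

# Run the verified image by ID rather than by tag, so a tag that moves
# after the check cannot change what is executed.
# Usage: run_verified <tag-ref> <expected-id> [container args...]
run_verified() {
    local ref="$1" expected="$2" id
    shift 2
    id="$(pull_and_verify "$ref" "$expected")" || return $?
    docker run --rm "$id" "$@"
}
```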