Copyright © 2026 Authors retain the copyright of this article. This article is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
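@comment{
  Journal article on tamper-resistant container image lifecycle management.
  Normalised so the entry renders correctly under any style: author in
  "Last, First" form, page range written with a double hyphen, month given
  as the predefined macro, trailing period dropped from the keyword list.
  The citation key and the abstract text are kept exactly as published.
}
@article{180104,
  author   = {Patel, Devashish Ghanshyambhai},
  title    = {Supply Chain Security in Cloud: Implementing Tamper Resistant Image Life Cycle Management},
  journal  = {International Journal of Innovative Research in Technology},
  year     = {2025},
  month    = may,
  volume   = {12},
  number   = {1},
  pages    = {530--537},
  issn     = {2349-6002},
  url      = {https://ijirt.org/article?manuscript=180104},
  abstract = {Cloud-native applications heavily rely on containerized environments and pre-built images for software deployment. However, the increasing complexity of the cloud software supply chain introduces significant security risks, particularly in ensuring the integrity of container images. Tampering with container images during their lifecycle poses severe threats, including data breaches, service disruptions, and regulatory non-compliance. Existing security mechanisms such as vulnerability scanning and registry-level controls often fail to provide end-to-end security assurance.
The abstract can be extended to emphasize the growing concern over supply chain attacks in high-assurance environments like finance, healthcare, and government. Real-world incidents such as the Codecov breach and dependency confusion attacks further illustrate the risks of insufficient verification mechanisms in CI/CD pipelines. A secure, tamper-resistant framework is crucial in mitigating these threats while supporting scalability and compliance.
This research presents a tamper-resistant image lifecycle management framework that ensures supply chain security by integrating digital signatures, immutable storage, and blockchain-based verification mechanisms. The proposed model enforces cryptographic integrity verification throughout the entire image lifecycle—spanning build, storage, distribution, and deployment phases. Experimental evaluation demonstrates the feasibility of the solution, showing minimal latency overhead and strong resistance to tampering attempts. The findings suggest that adopting a decentralized trust mechanism enhances the security of containerized environments, making them resilient to supply chain attacks. The Cloud Native Computing Foundation (CNCF) has highlighted security concerns inherent in cloud-native supply chains. Our findings align with blockchain-based verification frameworks that show minimal latency overhead.},
  keywords = {Cloud Security, Software Supply Chain, Container Security, Tamper-Resistance, Image Lifecycle, Blockchain, DevSecOps},
}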