Description
Proposal
In more locked down / secured environments, it can be problematic to pull images from docker hub and run them without additional precautions.
One need is to prefix images so that they can be pulled from a docker registry other than docker hub. This is the usual mechanism for using docker image proxies, caches, etc.
Another need is to pin images to specific hashes to protect against supply chain attacks. When images are not pinned to a specific hash, an attacker with control of the docker account that hosts the images can publish a new image with the same tag that contains malicious code.
The latter issue also exists for images referenced by this repo normally, so maybe it can be solved differently from the first. Maybe images used by testcontainers can always be pinned by hash by default?