Every time I see someone in a demo for "automatic mitigations for container security issues" suggest to remove an image from a registry or prevent it's pulling, I like to scream. It's 99.9% a stupid idea. It doesn't prevent any compromise but will most likely result in downtime for applications.

Instead of having one problem, you create two, great!