Add during build process verifications about integrity of depdencies
We need to add an extra verification process on dependencies that we are using during the build process.
Containers
- Check to verify signature off used containers before build process. Better since we can keep using the lasted version available during build.
- Use fixed hash for images. Will require manual step or time to create some automated way of updating this.
For maven dependencies we need to verify how to do, or if we link that official repositories require signature and do checking for artifacts integrity.