Digest-form rootfsImageRef candidate Vulnerable result: VULN_DIGEST_TRIGGER_CONFIRMED attacker digest ref=localhost:5000/attacker-digest@sha256:6015e02e94c8a0760f2ec65a62684d1ee6fb84925e68386f83e912ef8f9431af POST-CHECKPOINT: attacker digest image entries = 1 POST-CHECKPOINT: poisoned victim digest tag entries = 1 PRUVA_DIGEST_VARIANT_CODE_EXEC uid=0 gid=0 image=attacker-digest VERDICT: VULN_DIGEST_TRIGGER_CONFIRMED - digest-form rootfsImageRef poisoned localhost:5000/victim-digest:stable and executed attacker image code Fixed result: FIXED_DIGEST_TRIGGER_BLOCKED attacker digest ref=localhost:5000/attacker-digest@sha256:6015e02e94c8a0760f2ec65a62684d1ee6fb84925e68386f83e912ef8f9431af POST-CHECKPOINT: attacker digest image entries = 1 POST-CHECKPOINT: poisoned victim digest tag entries = 0 victim CreateContainer failed (expected for fixed runtime when no poisoned tag exists) VERDICT: FIXED_DIGEST_TRIGGER_BLOCKED - fixed runtime pulled/resolved the base image but did not create the arbitrary victim tag