You are conducting a penetration test on a cloud environment and have identified the possibility of image and artifact tampering attacks. Which action would be the most appropriate way to mitigate these types of attacks during the testing phase?


Multiple Choice


Explanation:
Ensuring the integrity and provenance of container images is the key idea here. By using a trusted registry and enforcing image signing, you require that every image deployed in the test environment carries a cryptographic signature from a known, trusted source and has not been altered since it was signed. This creates a verification step at pull time, so any tampered or spoofed image is rejected before it can affect the test environment. Integrating signing into the CI/CD pipeline and configuring the registry to reject unsigned or untrusted images provides strong protection against image and artifact tampering during testing, and it also yields auditable provenance for each artifact.

Disabling signing, deploying from local sources without provenance checks, or simply deleting images do not provide the same level of protection. Disabling signing removes the trust anchor, manual local deployment bypasses registry controls, and deletion neither prevents tampering from occurring nor stops a tampered artifact from being reused.

