The last post covered using Podman as a more secure container manager (and Docker replacement) and how to use the podman-compose project to run multiple containers at once. This time, we want to go even further and only run container images that we have authorized, and even stop a podman-compose up process if any unauthorized images were to start. To do so, we use the CodeNotary vcn project, a blockchain-based software notarization tool that enables us to run a compliant container infrastructure without any complexity. It's an enhanced version of Notary, just without the complex server setup and the internal silo limitation. We also use CodeNotary's fork of podman-compose to enforce container authentication and block the start of unwanted containers.