Trusted Images

Security Model

How Trusted Images thinks about rebuilds, scanning, AI-assisted review, and Marketplace hygiene.

Security starts before an image is published.

Trusted Images maintains a repeatable image factory for AWS Marketplace AMIs. The pipeline combines Packer, Ansible, release manifests, and support workflows so image maintenance is treated as an ongoing security process, not a one-time packaging job.

What we watch

  • Supported operating system and package lifecycles.
  • Critical CVEs and exploitability signals affecting packaged software.
  • Supply-chain risk indicators, including suspicious upstream changes and exposed credentials.
  • AWS Marketplace AMI requirements around supported software, hardcoded secrets, SSH posture, and launch behavior.
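The last three items on that list are the ones a pipeline can check mechanically before an AMI is registered. The following script is an added example, not code from the Trusted Images pipeline: it encodes one reading of the AWS Marketplace rules named above (no hardcoded credentials, no leftover SSH authorized_keys, no root login over SSH, key-only SSH authentication, no local account with a usable password) and runs it against a staged root filesystem such as a Packer build mounted under a directory. The paths, the credential patterns and the fixture data are assumptions constructed for the example.

```python
"""Pre-publish hygiene checks over a staged root filesystem (added example,
not Trusted Images' pipeline code; paths and patterns are assumptions)."""
import re
import tempfile
from pathlib import Path
from typing import List, Optional

# Credential patterns that must never ship in an image (constructed heuristics).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
SCAN_DIRS = ("etc", "root", "home", "opt")   # where baked-in secrets usually hide
MAX_SCAN_BYTES = 1 << 20                     # text grep only; skip large blobs


def sshd_setting(text: str, key: str) -> Optional[str]:
    """Effective global value of a sshd_config directive, lower-cased.

    Mirrors sshd: comments are ignored and the first occurrence wins. Parsing
    stops at the first Match block, and Include'd drop-ins are not followed,
    so concatenate sshd_config.d/*.conf into `text` if the image uses them.
    """
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break
        if parts[0].lower() == key.lower() and len(parts) == 2:
            return parts[1].strip().lower()
    return None


def check_rootfs(root: Path) -> List[str]:
    """Run every check against the staged root at `root`; return findings."""
    findings: List[str] = []

    # SSH posture: root login off and key-based authentication only.
    sshd = root / "etc/ssh/sshd_config"
    cfg = sshd.read_text(errors="replace") if sshd.is_file() else ""
    if sshd_setting(cfg, "PermitRootLogin") != "no":
        findings.append("sshd: PermitRootLogin is not explicitly 'no'")
    if sshd_setting(cfg, "PasswordAuthentication") != "no":
        findings.append("sshd: PasswordAuthentication is not 'no' (OpenSSH default is yes)")

    # Leftover keys: the buyer's key is injected at launch, so none may ship.
    for keyfile in [root / "root/.ssh/authorized_keys", *root.glob("home/*/.ssh/authorized_keys")]:
        if keyfile.is_file() and keyfile.stat().st_size > 0:
            findings.append(f"ssh: leftover {keyfile.relative_to(root)}")

    # Account posture: every local account must be locked ('!' or '*'). A hash
    # is a password shared by every customer; an empty field is no password.
    shadow = root / "etc/shadow"
    if shadow.is_file():
        for line in shadow.read_text().splitlines():
            fields = line.split(":")
            if len(fields) >= 2 and not fields[1].startswith(("!", "*")):
                findings.append(f"shadow: account {fields[0]!r} has a usable or empty password")

    # Hardcoded secrets: grep regular text files in the usual places.
    for sub in SCAN_DIRS:
        if not (root / sub).is_dir():
            continue
        for path in (root / sub).rglob("*"):
            if path.is_symlink() or not path.is_file() or path.stat().st_size > MAX_SCAN_BYTES:
                continue
            data = path.read_bytes()
            for name, pat in SECRET_PATTERNS.items():
                if pat.search(data):
                    findings.append(f"secret: {name} in {path.relative_to(root)}")
    return findings


def build_fixture(clean: bool) -> Path:
    """Stage a tiny constructed root filesystem in a temp dir (sample data, not a real AMI)."""
    root = Path(tempfile.mkdtemp(prefix="rootfs-"))
    for d in ("etc/ssh", "root/.ssh", "home/ec2-user/.ssh", "opt/app"):
        (root / d).mkdir(parents=True)
    if clean:
        (root / "etc/ssh/sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "etc/shadow").write_text("root:*:19000:0:99999:7:::\nec2-user:!!:19000:0:99999:7:::\n")
        (root / "opt/app/app.conf").write_text("region = us-east-1\n")
    else:
        (root / "etc/ssh/sshd_config").write_text(
            "# PermitRootLogin no   (commented out, so it does not count)\n"
            "PermitRootLogin yes\nPasswordAuthentication yes\n")
        (root / "root/.ssh/authorized_keys").write_text("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 builder@ci\n")
        (root / "etc/shadow").write_text("root:*:19000:0:99999:7:::\nec2-user:$6$salt$hash:19000:0:99999:7:::\n")
        # AKIAIOSFODNN7EXAMPLE is the placeholder access key from AWS documentation.
        (root / "opt/app/app.conf").write_text("aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n")
    return root


if __name__ == "__main__":
    for finding in check_rootfs(build_fixture(clean=False)):
        print(finding)
```

Run against a real build by pointing check_rootfs at the mounted root (for example the chroot a Packer shell provisioner leaves behind) and failing the build on any finding. The secret scan is a heuristic grep, so treat a clean result as necessary, not sufficient; the sshd parser deliberately stops at the first Match block, which is why it reports a directive that is only set inside a Match as absent.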

How AI fits

AI tools help us summarize security advisories, compare package drift, and prioritize review. They do not replace evidence, testing, or human release accountability. The goal is faster triage without turning release decisions into guesswork.

Release discipline

Images are rebuilt on a monthly cadence, with critical CVE response targeted within 48 hours when a practical patch or mitigation is available. Release records and manifests help us track what changed and which customers should receive upgrade guidance.
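A release manifest is only useful for tracking change if two of them can be diffed. The following is an added example, not the Trusted Images manifest format or tooling: it assumes a manifest that records installed package name and version, compares two consecutive builds, and separates routine drift (upgrades, removals) from the two classes that should stop a rebuild until a person explains them, namely version downgrades and packages that appeared without being planned. The two manifests are constructed sample data and the AMI names are hypothetical.

```python
"""Package-drift review between two release manifests (added example; the
manifest shape, names and data below are constructed, not Trusted Images')."""
import re
from typing import Dict, List, Set

PREVIOUS = {
    "ami_name": "base-2024.03",   # hypothetical build names
    "packages": {"openssl": "3.0.13-1", "openssh-server": "9.6p1-3",
                 "curl": "8.5.0-2", "sudo": "1.9.15p5-2", "debug-tool": "1.0-1"},
}
CURRENT = {
    "ami_name": "base-2024.04",
    "packages": {"openssl": "3.0.14-1", "openssh-server": "9.6p1-3",
                 "curl": "8.4.0-1", "sudo": "1.9.15p5-2", "netcat": "1.226-1"},
}


def version_key(version: str) -> List[int]:
    """Numeric runs of a version string, e.g. '9.6p1-3' -> [9, 6, 1, 3].

    Good enough to spot an unexpected downgrade in a review queue; it ignores
    alphabetic tokens, so confirm with rpmdev-vercmp or `dpkg --compare-versions`
    before acting on a flag.
    """
    return [int(n) for n in re.findall(r"\d+", version)]


def drift(prev: Dict[str, str], curr: Dict[str, str]) -> Dict[str, list]:
    """Classify every package that differs between two manifests."""
    report: Dict[str, list] = {"added": [], "removed": [], "upgraded": [], "downgraded": []}
    for name in sorted(set(prev) | set(curr)):
        if name not in prev:
            report["added"].append((name, curr[name]))
        elif name not in curr:
            report["removed"].append((name, prev[name]))
        elif prev[name] != curr[name]:
            bucket = "downgraded" if version_key(curr[name]) < version_key(prev[name]) else "upgraded"
            report[bucket].append((name, prev[name], curr[name]))
    return report


def review_reasons(report: Dict[str, list], planned_additions: Set[str]) -> List[str]:
    """Drift that should not ride a routine rebuild unexplained.

    Upgrades and removals still go into the release record; downgrades and
    unplanned new packages are the supply-chain signals that need a human
    (or a matching advisory) before the image is published.
    """
    reasons = [f"downgrade: {n} {old} -> {new}" for n, old, new in report["downgraded"]]
    reasons += [f"unplanned addition: {n} {v}" for n, v in report["added"] if n not in planned_additions]
    return reasons


if __name__ == "__main__":
    report = drift(PREVIOUS["packages"], CURRENT["packages"])
    for bucket, entries in report.items():
        print(bucket, entries)
    for reason in review_reasons(report, planned_additions=set()):
        print("REVIEW:", reason)
```

On the sample data the curl downgrade and the unexplained netcat package are the two items that block the release; passing planned_additions={"netcat"} clears the second once the change is documented, which is the same decision a release record should capture.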