Smart policy-driven scanning of Docker images
Description
Docker has become the de-facto standard for containerised application delivery. Hundreds of companies in Switzerland develop, deploy and operate Docker-packaged software regularly, often involving publicly available Docker images produced by third parties. For banks, insurers and other companies with high compliance requirements, this poses a risk due to the unknown origin and content of the images. Therefore, only approved images are allowed to be used, and the approval is conditional on passing quality scanning, which is mostly a manual analysis process performed by experts. The questions are: What does a suitable policy language look like? How can we flag images as having been scanned by a trustworthy scanner? Can we use machine learning to learn over time whether one source of container images is more trustworthy than another? How can we make the scanner invocation resilient while minimising the time it needs to be connected to the Internet? Is the open source tool Clair suitable as a base for the planned product?
Key Data
Project lead
Deputy project lead
Project team
Panagiotis Gkikopoulos
Project partners
Puzzle ITC GmbH
Project status
completed, 03/2020 - 07/2020
Funding partner
Innovationsscheck / Projekt Nr. 43731.1 INNO-ICT