Your organization recently adopted a container-based workflow for application development. Your team develops numerous applications that are deployed continuously through an automated build pipeline to the production environment. A recent security audit alerted your team that the code pushed to production could contain vulnerabilities and that the existing tooling around virtual machine (VM) vulnerabilities no longer applies to the containerized environment. You need to ensure the security and patch level of all code running through the pipeline. What should you do?

A. Set up Container Analysis to scan and report Common Vulnerabilities and Exposures. B. Configure the containers in the build pipeline to always update themselves before release. C. Reconfigure the existing operating system vulnerability software to exist inside the container. D. Implement static code analysis tooling against the Docker files used to create the containers.