Explain container image flow in CI/CD
Company: NVIDIA
Role: Software Engineer
Category: Software Engineering Fundamentals
Difficulty: medium
Interview Round: Technical Screen
## Scenario
Walk through what happens in a typical CI/CD pipeline that builds and deploys a containerized service.
## Questions
1. During CI, how is a container image **built** (layers, cache, build context)?
2. How is the image **tagged and uploaded** to a registry?
3. How do runtimes/nodes **pull** the image (auth, caching, digests)?
4. What security checks should be included (scanning, SBOM, signing)?
5. What failure modes are common and how do you mitigate them?
Quick Answer: This question evaluates understanding of the container image lifecycle within CI/CD pipelines, covering build mechanics (layers, cache, build context), tagging and registry interactions, image distribution and pulling behavior (authentication, caching, digests), security controls (vulnerability scanning, SBOM generation, signing), and common failure modes. It is commonly asked to gauge operational and security competence in the Software Engineering Fundamentals/DevOps domain and measures both conceptual understanding and practical application of pipeline design and runtime image management.