We're scaling our containerized apps and need to standardize base images for security and compliance, but every team has their own preferences. Policy as code feels heavy, and blocking PRs kills velocity. What’s worked for you? Thinking about automated scanning that flags non-approved images but doesn't block initially, then gradually tightening. Or maybe image registries with approved-only pulls? Any tools or workflows that let you roll this out incrementally? Don't want to be the team that breaks everyone's deploys.