Anders Heimer
I am a Senior Specialist in Linux Build Packaging and Integration working at Ericsson Software Technology, providing expertise in Yocto for the Ericsson Yocto users.
Session
08-28
15:00
30min
Hardening Your Container Supply Chain with Yocto‑Built Base Images
Anders Heimer
Software‑supply‑chain attacks increasingly exploit the dependency graphs hidden inside container base images. General‑purpose binary distributions can drag in hundreds of packages, making it difficult to generate accurate SBOMs and keep up with CVE patching. In this session you will learn how to use the Yocto Project to build lean, auditable container base images and matching package repositories that can serve as drop‑in replacements inside existing Docker or Podman build pipelines.
Studio 1