You replace build-push-pull image pipelines with a declarative Flox environment, whose dependencies resolve hash-address packages that reside in an immutable, node-local store. Organizations can run their own private, signed binary caches, enabling them to create or mirror packages inside their network, generating SBOMs and verifications (see SBOMs, below), and point the security scanner at that cache. At runtime, nodes fetch only hash-addressed artifacts, so existing provenance, approval, and CVE workflows carry forward.
In short: Organizations are moving away from shipping snapshot (container images) for shipping Recipes (declarative environment); Produce Recipes sbom-by defaultSingle-edit A/B and atomic rollback, faster CVE triaging, and other operational benefits. For developers, AI/ML engineers, and other practitioners, the Flox environment runs as a subshell, No Containers, so that developers can work directly on their local system with free access to all resources. Flox development environments are co-located with Git repos, so PRs always update the code And Simultaneous runtime. Same environment runs in SDLC: local development → CI → production Kubernetes cluster.