Establish a private repository in Amazon ECR. Implement a permissions policy for the repository that permits only necessary ECR operations, with a condition allowing these operations if the aws:PrincipalOrgID condition key matches the company's organization ID. Incorporate a lifecycle rule in the ECR repository to remove untagged images beyond the five most recent.

Set up a public repository in Amazon ECR. Create an IAM role within the ECR account, granting permissions for any account to assume the role if the aws:PrincipalOrgID condition key matches the company's organization ID. Include a lifecycle rule in the ECR repository to delete untagged images beyond the five most recent.

Create a private repository in Amazon ECR. Develop a permissions policy for the repository that allows only necessary ECR operations, with a condition permitting these operations for all account IDs within the organization. Schedule a daily Amazon EventBridge rule to trigger an AWS Lambda function that deletes untagged images beyond the five most recent.

Configure a public repository in Amazon ECR. Set up an interface VPC endpoint for Amazon ECR with an endpoint policy that includes the necessary permissions for image pulls required by the company. Include a condition allowing ECR operations for all account IDs within the company's organization. Schedule a daily Amazon EventBridge rule to activate an AWS Lambda function that removes untagged images beyond the five most recent.