Image Verification

Kyverno policies for enforcing container image signing and provenance: require Cosign or Notary signatures, verify image attestations, restrict images to trusted registries, and block unsigned or unverified images at admission.

What’s Covered

  • Cosign verification — Require images to be signed with Cosign
  • Notary verification — Enforce Notary v2 (Notation) signatures
  • Attestation checks — Require and validate signed SBOM and vulnerability scan attestations
  • Registry restrictions — Allow images only from trusted registries

All image verification policies are available in the Nirmata policy library on GitHub.
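The following ClusterPolicy is an added example, not a policy from the Nirmata library, showing how the four checks above fit together in one Kyverno resource. The registry names, the org path `ghcr.io/example-org`, the internal registry `registry.internal.example.com`, and the key and certificate placeholders are assumptions; substitute your own.

```yaml
# Added example (not from the Nirmata policy library). Registry names, the org
# path and the key/certificate bodies are placeholders to be replaced.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: image-supply-chain
spec:
  validationFailureAction: Enforce   # Audit only reports; Enforce rejects the Pod
  background: false                  # verifyImages needs the live admission request
  webhookTimeoutSeconds: 30          # signature lookups call the registry and Rekor
  failurePolicy: Fail                # fail closed if the Kyverno webhook is unreachable
  rules:
    # 1. Cosign: images from the main org must be signed with the release key and
    #    carry a signed CycloneDX SBOM and a recent vulnerability-scan attestation.
    - name: cosign-signature-and-attestations
      match:
        any:
          - resources:
              kinds: [Pod]
      verifyImages:
        - imageReferences:
            - "ghcr.io/example-org/*"
          required: true       # unsigned or unverifiable image => Pod is rejected
          mutateDigest: true   # rewrite the tag to the verified digest so the
                               # image that was checked is the one that runs
          attestors: &release-attestors
            - count: 1
              entries:
                - keys:
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      <placeholder: cosign public key of the release pipeline>
                      -----END PUBLIC KEY-----
                    rekor:
                      url: https://rekor.sigstore.dev   # transparency log lookup
          attestations:
            - type: https://cyclonedx.org/bom
              attestors: *release-attestors            # same key must sign the SBOM
              conditions:
                - all:
                    - key: "{{ bomFormat }}"
                      operator: Equals
                      value: "CycloneDX"
            - type: https://cosign.sigstore.dev/attestation/vuln/v1
              attestors: *release-attestors
              conditions:
                - all:
                    # reject images whose last scan is older than a week
                    - key: "{{ time_since('','{{ metadata.scanFinishedOn }}','') }}"
                      operator: LessThanOrEquals
                      value: "168h"
    # 2. Notary (Notation): images from the internal registry must be signed by
    #    a certificate chaining to the trusted signing cert or its issuing CA.
    - name: notary-signature
      match:
        any:
          - resources:
              kinds: [Pod]
      verifyImages:
        - type: Notary
          imageReferences:
            - "registry.internal.example.com/*"
          required: true
          mutateDigest: true
          attestors:
            - entries:
                - certificates:
                    cert: |-
                      -----BEGIN CERTIFICATE-----
                      <placeholder: Notation signing certificate or its CA>
                      -----END CERTIFICATE-----
    # 3. Registry restriction: verifyImages only checks images that match an
    #    imageReferences pattern, so this rule closes the gap for everything else.
    - name: restrict-registries
      match:
        any:
          - resources:
              kinds: [Pod]
      validate:
        message: "Images must come from ghcr.io/example-org or registry.internal.example.com."
        pattern:
          spec:
            =(ephemeralContainers):
              - image: "ghcr.io/example-org/* | registry.internal.example.com/*"
            =(initContainers):
              - image: "ghcr.io/example-org/* | registry.internal.example.com/*"
            containers:
              - image: "ghcr.io/example-org/* | registry.internal.example.com/*"
```

Two points worth checking before enforcing a policy like this: `imageReferences` patterns are an allow-list for verification, not a block-list, so without the third rule an image from an unlisted registry is admitted without any signature check; and `mutateDigest: true` changes the Pod spec, so controllers that compare desired and observed specs must tolerate the digest rewrite or the policy should be applied to the workload templates instead.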