Skip to content

Verify Image Signature Kyverno policy Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/kyverno/properties/policies/properties/verifyImageSignature

A policy that requires that all images in HNC controlled namespaces are signed

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Allowed none config/schemas/config.yaml*

TYPE:

object (Verify Image Signature Kyverno policy)

PROPERTIES:

Property Type Required Nullable Defined by
enabled boolean Optional cannot be null Welkin Apps Config
type string Optional cannot be null Welkin Apps Config
ignoreRekorTlog boolean Optional cannot be null Welkin Apps Config
attestor string Optional cannot be null Welkin Apps Config

enabled

enabled

TYPE:

boolean (Enable the Verify Image Signature policy)

type

type

TYPE:

string (Method of signature validation)

CONSTRAINTS:

enum: the value of this property must be equal to one of the following values:

Value Explanation
"Cosign"
"Notary"

ignoreRekorTlog

ignoreRekorTlog

TYPE:

boolean (Ignore Rekor transparency log when verifying image signatures)

attestor

A public key (Cosign) or certificate (Notary) used to verify image signatures

attestor

TYPE:

string

EXAMPLES:

|
  -----BEGIN PUBLIC KEY-----
  MFkwEwY...
  -----END PUBLIC KEY-----

|
  -----BEGIN CERTIFICATE-----
  MIIDTTCCA...
  -----END CERTIFICATE-----

Return to the root config schema

Generated Fri Jul 4 03:59:35 UTC 2025 from elastisys/compliantkubernetes-apps@main