Verify Image Signature Kyverno policy Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/kyverno/properties/policies/properties/verifyImageSignature
A policy that requires that all images in HNC controlled namespaces are signed
Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
---|---|---|---|---|---|---|---|
Can be instantiated | No | Unknown status | No | Forbidden | Allowed | none | config/schemas/config.yaml* |
TYPE:
object
(Verify Image Signature Kyverno policy)
PROPERTIES:
Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
enabled | boolean |
Optional | cannot be null | Welkin Apps Config |
type | string |
Optional | cannot be null | Welkin Apps Config |
ignoreRekorTlog | boolean |
Optional | cannot be null | Welkin Apps Config |
attestor | string |
Optional | cannot be null | Welkin Apps Config |
enabled¶
enabled
-
is optional
-
Type:
boolean
(Enable the Verify Image Signature policy) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean
(Enable the Verify Image Signature policy)
type¶
type
-
is optional
-
Type:
string
(Method of signature validation) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string
(Method of signature validation)
CONSTRAINTS:
enum: the value of this property must be equal to one of the following values:
Value | Explanation |
---|---|
"Cosign" |
|
"Notary" |
ignoreRekorTlog¶
ignoreRekorTlog
-
is optional
-
Type:
boolean
(Ignore Rekor transparency log when verifying image signatures) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean
(Ignore Rekor transparency log when verifying image signatures)
attestor¶
A public key (Cosign) or certificate (Notary) used to verify image signatures
attestor
-
is optional
-
Type:
string
-
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string
EXAMPLES:
|
-----BEGIN PUBLIC KEY-----
MFkwEwY...
-----END PUBLIC KEY-----
|
-----BEGIN CERTIFICATE-----
MIIDTTCCA...
-----END CERTIFICATE-----
Return to the root config schema
Generated Fri Jul 4 03:59:35 UTC 2025 from elastisys/compliantkubernetes-apps@main