
latest are just pointers. What prevents an attacker from pushing a malicious image using the same tag? Or a broken build from overwriting a stable tag?
Validate policies can inspect the image name in a manifest, but they cannot prove the image’s identity or integrity. Alex needs to answer a crucial question:

Learn how to cryptographically verify container images so your cluster only runs artifacts produced (and signed) by your trusted build pipeline.
- Fundamentals: What container image signing means and why it matters. We introduce two widely adopted solutions Kyverno integrates with—SIGSTORE (and its CLI tool, cosign) and Notary—and explain core concepts like public keys, certificates, and attestations.
- Practical verification: How to solve Alex’s problem by writing Kyverno verifyImages policies for cosign and Notary. Learn how to configure policies that reference public keys and certificates so only images signed by your trusted authority are allowed to run.
- Attestations: How to validate claims about images (for example, provenance, vulnerability scan results, or SBOMs). We show examples of policies that verify attestations produced by cosign and Notary.
With these capabilities, you can enforce cryptographic provenance checks during admission control so your cluster only accepts images that meet your supply-chain policies.
Links and references
- SIGSTORE — official site
- cosign — GitHub
- Notary — official site
- Kyverno documentation — policies and verifyImages