Your advanced code editor is loading.

Please wait a moment.

#editor-loading { display: none; }

apiVersion: kyverno.io/v1
          
          
kind: ClusterPolicy
metadata:
name: verify-flux-images
spec:
validationFailureAction: Audit
background: false
webhookTimeoutSeconds: 30
failurePolicy: Fail
rules:
name: verify-cosign-signature
match:
any:
resources:
kinds:
Pod
verifyImages:
imageReferences:
“ghcr.io/fluxcd/source-controller:”

          

          “ghcr.io/fluxcd/kustomize-controller:”
“ghcr.io/fluxcd/helm-controller:”

          

          “ghcr.io/fluxcd/notification-controller:”
“ghcr.io/fluxcd/image-reflector-controller:”

          

          “ghcr.io/fluxcd/image-automation-controller:”
“docker.io/fluxcd/source-controller:”

          

          “docker.io/fluxcd/kustomize-controller:”
“docker.io/fluxcd/helm-controller:”

          

          “docker.io/fluxcd/notification-controller:”
“docker.io/fluxcd/image-reflector-controller:”

          

          “docker.io/fluxcd/image-automation-controller:”
mutateDigest: false
verifyDigest: false
attestors:
entries:
keyless:
subject: “https://github.com/fluxcd/*”
issuer: “https://token.actions.githubusercontent.com”
rekor:
url: https://rekor.sigstore.dev

Your advanced code editor is loading.

Please wait a moment.

Explanation

Graph

Symbols

We couldn't identify any entrypoints. If you believe this to be incorrect then please contact support.