C-0236 - Verify image signature
Framework
ArmoBest, WorkloadScan
Severity
High
Description of the the issue
Verifies the signature of each image with given public keysNote, this control is configurable. See below the details.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
Verifies the signature of each image with given public keys
How to check it manually
Remediation
Replace the image with an image that is signed correctly
Impact Statement
Default Value
Configuration
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
Trusted Cosign public keys
trustedCosignPublicKeys
A list of trusted Cosign public keys that are used for validating container image signatures.
Example
No example
Updated about 1 month ago