C-0236 - Verify image signature

Framework

ArmoBest

Severity

High

Description of the the issue

Verifies the signature of each image with given public keysNote, this control is configurable. See below the details.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

Verifies the signature of each image with given public keys

How to check it manually

Remediation

Replace the image with an image that is signed correctly

Impact Statement

Default Value

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

Trusted Cosign public keys

trustedCosignPublicKeys
A list of trusted Cosign public keys that are used for validating container image signatures.

Example

No example