Sample policies for use with policy-controller live in the examples directory of the project.

Images have a signed SPDX SBOM attestation from a custom key
This sample policy asserts that all images must have a signed SPDX SBOM (spdxjson) attestation using a custom key.

apiVersion: policy.sigstore.dev/v1alpha1
kind: ClusterImagePolicy
metadata:
  name: custom-key-attestation-sbom-spdxjson
spec:
  images:
  - glob: "**"
  authorities:
  - name: custom-key
    key:
      data: |
        -----BEGIN PUBLIC KEY-----
        MFkwEwY...
| Sigstore
Admission Controller
The policy-controller admission controller can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign. policy-controller also resolves image tags to digests, ensuring that the image being run is the same one that was admitted. See the installation instructions for more information. This component is still actively under development! Today, policy-controller can automatically validate signatures and attestations on container ...| Sigstore
Overview | pkg.go.dev