kyverno · kyverno-bot · Mar 5, 2026
diff --git a/other/verify-image-ivpol/.chainsaw-test/bad.yaml b/other/verify-image-ivpol/.chainsaw-test/bad.yaml
@@ -5,5 +5,5 @@ metadata:
 spec:
   containers:
     - name: test-container
-      image: 'docker.io/mohdcode/kyverno@sha256:b178bb94b508183cddda73829e007c7ae2c6996324b2fc1f1746f2281e635f7a'
+      image: 'ghcr.io/kyverno/test-verify-image:unsigned'
       imagePullPolicy: Always
diff --git a/other/verify-image-ivpol/.chainsaw-test/good.yaml b/other/verify-image-ivpol/.chainsaw-test/good.yaml
@@ -5,5 +5,5 @@ metadata:
 spec:
   containers:
     - name: test-container
-      image: 'docker.io/mohdcode/kyverno@sha256:2215deb786eb4039647d8d2881d1b5290ec2c200e14ba1535b0cdd58b69a1bcf'
+      image: 'ghcr.io/kyverno/test-verify-image:signed'
       imagePullPolicy: Always
diff --git a/other/verify-image-ivpol/.chainsaw-test/policy-ready.yaml b/other/verify-image-ivpol/.chainsaw-test/policy-ready.yaml
@@ -4,13 +4,12 @@ metadata:
   name: verify-image-ivpol
 status:
   conditionStatus:
-            (conditions[?type == 'RBACPermissionsGranted']):
-            - message: Policy is ready for reporting.
-              reason: Succeeded
-              status: "True"
-            (conditions[?type == 'WebhookConfigured']):
-            - message: Webhook configured.
-              reason: Succeeded
-              status: "True"
-              type: WebhookConfigured
-
+    (conditions[?type == 'RBACPermissionsGranted']):
+    - message: Policy is ready for reporting.
+      reason: Succeeded
+      status: "True"
+    (conditions[?type == 'WebhookConfigured']):
+    - message: Webhook configured.
+      reason: Succeeded
+      status: "True"
+      type: WebhookConfigured
diff --git a/other/verify-image-ivpol/artifacthub-pkg.yml b/other/verify-image-ivpol/artifacthub-pkg.yml
@@ -19,4 +19,4 @@ readme: |
 annotations:
   kyverno/category: "Software Supply Chain Security, EKS Best Practices"
   kyverno/subject: "Pod"
-digest: c315f0db7538deb20debade15ceb0fcbbdf4e526512acac6af95048dd1ecb0e5
+digest: 1209421396e95a711908a3061e482fa06734fa474e90701222a8daa835f984d9
diff --git a/other/verify-image-ivpol/verify-image-ivpol.yaml b/other/verify-image-ivpol/verify-image-ivpol.yaml
@@ -29,18 +29,34 @@ spec:
         operations: ["CREATE", "UPDATE"]
         resources: ["pods"]
   matchImageReferences:
-        - glob : "docker.io/mohdcode/kyverno*"
+    - glob: ghcr.io/kyverno/test-verify-image*
   attestors:
-  - name: cosign
-    cosign:
-     key:
-      data: |
-                -----BEGIN PUBLIC KEY-----
-                MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6QsNef3SKYhJVYSVj+ZfbPwJd0pv
-                DLYNHXITZkhIzfE+apcxDjCCkDPcJ3A3zvhPATYOIsCxYPch7Q2JdJLsDQ==
-                -----END PUBLIC KEY-----
+    - name: notary
+      notary:
+        certs:
+          value: |-
+            -----BEGIN CERTIFICATE-----
+            MIIDTTCCAjWgAwIBAgIJAPI+zAzn4s0xMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV
+            BAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwG
+            Tm90YXJ5MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjIxMTUxOFoXDTMzMDUxOTIx
+            MTUxOFowTDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0
+            dGxlMQ8wDQYDVQQKDAZOb3RhcnkxDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3
+            DQEBAQUAA4IBDwAwggEKAoIBAQDNhTwv+QMk7jEHufFfIFlBjn2NiJaYPgL4eBS+
+            b+o37ve5Zn9nzRppV6kGsa161r9s2KkLXmJrojNy6vo9a6g6RtZ3F6xKiWLUmbAL
+            hVTCfYw/2n7xNlVMjyyUpE+7e193PF8HfQrfDFxe2JnX5LHtGe+X9vdvo2l41R6m
+            Iia04DvpMdG4+da2tKPzXIuLUz/FDb6IODO3+qsqQLwEKmmUee+KX+3yw8I6G1y0
+            Vp0mnHfsfutlHeG8gazCDlzEsuD4QJ9BKeRf2Vrb0ywqNLkGCbcCWF2H5Q80Iq/f
+            ETVO9z88R7WheVdEjUB8UrY7ZMLdADM14IPhY2Y+tLaSzEVZAgMBAAGjMjAwMAkG
+            A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0G
+            CSqGSIb3DQEBCwUAA4IBAQBX7x4Ucre8AIUmXZ5PUK/zUBVOrZZzR1YE8w86J4X9
+            kYeTtlijf9i2LTZMfGuG0dEVFN4ae3CCpBst+ilhIndnoxTyzP+sNy4RCRQ2Y/k8
+            Zq235KIh7uucq96PL0qsF9s2RpTKXxyOGdtp9+HO0Ty5txJE2txtLDUIVPK5WNDF
+            ByCEQNhtHgN6V20b8KU2oLBZ9vyB8V010dQz0NRTDLhkcvJig00535/LUylECYAJ
+            5/jn6XKt6UYCQJbVNzBg/YPGc1RF4xdsGVDBben/JXpeGEmkdmXPILTKd9tZ5TC0
+            uOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz
+            -----END CERTIFICATE-----
   validations:
     - expression: >-
-       images.containers.map(image, verifyImageSignatures(image, [attestors.cosign])).all(e ,e > 0)
+       images.containers.map(image, verifyImageSignatures(image, [attestors.notary])).all(e ,e > 0)
       message: >-
        failed the verification