feat: switch Kyverno image verification to Enforce mode
All current images in dev/staging/prod are signed with cosign. CI pipeline signs new images automatically. Enforce mode will block unsigned images from our registry. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
38f1afcf2d
commit
3992d69c8e
@ -10,7 +10,7 @@ metadata:
|
||||
policies.kyverno.io/category: Supply Chain Security
|
||||
policies.kyverno.io/severity: high
|
||||
spec:
|
||||
validationFailureAction: Audit
|
||||
validationFailureAction: Enforce
|
||||
background: true
|
||||
webhookTimeoutSeconds: 30
|
||||
failurePolicy: Ignore
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user