Image Signature Validation Policy
The Image Signature Validation policy enforces that only container images signed by trusted sources are admitted into Kubernetes Clusters. This prevents the use of unsigned or tampered images in your workloads.
The Sysdig Image Signature validation is powered by Cosign.
Limitations
- Container Workloads scanned Agentlessly are not supported.
- Runtime Container Workloads post-admission are not yet supported.
- Registry-level enforcement and attestations are not yet supported.
- CLI Level enforcement and attestations are not yet supported.
Current Capabilities
Available Stages:
Admission Control Stage
An Admission Control stage and scope is specifically used with the Sysdig Admission Controller. This stage supports the following filtering in an AND fashion and can be used to Warn or Reject images that fail the policy checks. It is the only Sysdig Vulnerability Management Policy with a Warning function.
- Scopes:
- Kubernetes Labels:
kubernetes.cluster.distribution,kubernetes.cluster.name,kubernetes.namespace.name,kubernetes.node.name,kubernetes.pod.container.name,kubernetes.workload.name,kubernetes.workload.type - Supported Operators:
is: Single Value,is not: Single Value,in: Single Value or List,not in: Single Value or List,contains: Single Value,not contains: Single Value,starts with: Single Value - Image Reference: The pullstring of the image you wish to target for the specific Registry or Repository
- Supported Operators:
starts with: Single Value,is: Single Value,is not: Single Value,contains: Single Value,not contains: Single Value
- Supported Operators:
- Kubernetes Labels:
Example Use Cases
- Enforce that all production workloads use images signed by your CI/CD pipeline.
- Prevent unsigned third-party images from being deployed.
- Align with compliance frameworks requiring artifact signature validation.
Image Signature Validations
Public Key
Leveraging Cosign, you can validate signatures against configured public keys.
To achieve this you will need to input the Public Key in standard PEM format into the Policy configuration.
Example Key in PEM Format:
-----BEGIN PUBLIC KEY-----
MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAXWRPQyGlEY+SXz8Uslhe+MLjTgWd8lf/
nA0hgCm9JFKC1tq1S73cQ9naClNXsMqY7pwPt1bSY8jYRqHHbdoUvwIDAQAB
-----END PUBLIC KEY-----
OIDC Provider
Levaraging Cosign, you can validate signatures issued by trusted OIDC providers (e.g., GitHub Actions, Google, or other CI/CD systems such as RHTAS).
To achieve this you will need to input multiple pieces of data for the policy:
- Certificate Chain in PEM format (Optional) - Used to override the Certificate Chain provided by the TUF root configured in the Sysdig Cluster Shield configuration.
Example Certificate Chain in PEM Format:
-----BEGIN CERTIFICATE-----
MIIGczCCBJegAwIBAgIQDk... (Your Server Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF7jCCA9mgAwIBAgIQ... (Intermediate Certificate 1)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF7jCCA9mgAwIBAgIQ... (Intermediate Certificate 2 - if applicable)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF7jCCA9mgAwIBAgIQ... (Root Certificate)
-----END CERTIFICATE-----
- OIDC Issuer - The OIDC issuer of the Image Signature e.g.
https://github.com/login/oauth- Accepts Regexp format supported by Cosign e.g.
^https://token.actions.githubusercontent.com$orhttps://github.com.*orhttps://keycloak-route-name.apps.cluster-domain.example.com.* - Supports OIDC Issuers (GitHub, Keycloak, Google OAuth, AWS STS, Microsoft Entra ID, etc.) so long as cosign verify is compatible with that issuer.
- Accepts Regexp format supported by Cosign e.g.
- Certificate Identity - The identity of the issuer e.g.
john.smith@sysdig.com- Accepts Regexp format supported by Cosign e.g.
^https://github.com/my-org/my-repo/.github/workflows/build.yml@refs/heads/main$or^https://github.com/my-org/.*or'^system:serviceaccount:my-namespace:my-service-account$'or^user@example.com$
- Accepts Regexp format supported by Cosign e.g.
Integration Guides
The Image Signature Validation Policy can integrate with multiple signing and verification sources depending on your organization’s environment and trust model.
Refer to the following guides for setup instructions specific to each integration type:
| Integration Type | Description | Link |
|---|---|---|
| Red Hat Trusted Artifact Signer (RHTAS) | Use a Red Hat–supported Sigstore deployment to verify images signed within Red Hat or OpenShift environments. | How to Integrate with RHTAS |
| GitHub + Sigstore | Verify images signed by GitHub Actions workflows using Sigstore’s public Fulcio and Rekor services. | How to Integrate with GitHub + Sigstore |
| Self-Hosted Sigstore | Integrate with your organization’s private Sigstore stack (Fulcio, Rekor, and TUF) for internal OIDC or key-based signing. | How to Integrate with a Self-Hosted Sigstore |
This list is not exhaustive. Sysdig supports verification through any standard Cosign mechanism as long as cosign verify is compatible with your signing configuration and cosign verify is compatible with that issuer.
Signature Caching
The Sysdig Admission Controller uses a 15-minute cache to reduce registry overhead when validating image signatures.
During this period, any change to an image’s signature in the registry is not immediately reflected. Deployments will continue to be allowed or rejected based on the cached signature state until the cache refreshes.
Using digest-pinned image references and understanding the 15-minute cache behavior ensures predictable validation, consistent security posture, and reliable deployments across environments.
When This Matters
| Scenario | Description | Impact |
|---|---|---|
| 1. Signature added or changed in registry | An image without a valid signature is updated with a valid one while still cached. | The Admission Controller continues to treat the image as unsigned until the 15-minute cache expires. |
| 2. Mutable tags used in deployments | Deployments use mutable tags like latest, 1, or dev that can change over time. | Cached validations may not match the actual image content, potentially leading to inconsistent admission decisions. Mutable tags are not recommended in Kubernetes. |
Sysdig Recommendation
Use immutable image references that include a digest instead of mutable tags. Digest references uniquely identify an image, ensuring reproducible deployments and consistent signature validation.
Example:
nginx@sha256:65fa4b21b132808d912dce4978bc4b42c0ce66d7e73c90a75f79dfe3e6058c4b
Related Compensating Controls
Sysdig’s KSPM controls in tandem with its Admission Controller functionality can help detect workloads using mutable or non-digest image references.
To help; you can create a Sysdig Posture Policy and apply it to your Kubernetes infrastructure with the following controls:
| Control | Description | Why It Matters | What We Check | Recommended Remediation | Severity |
|---|---|---|---|---|---|
| Container using latest image | Flags workloads using the latest tag or no tag. | Mutable tags can change without notice, causing version drift and inconsistent deployments. | Checks: • spec.template.spec.containers.image• spec.template.spec.initContainers.imageFails if tag ends with :latest or is missing. | Use explicit versions or digests (e.g., nginx:1.25.3 or nginx@sha256:<digest>). Enforce immutability in CI/CD or admission policies. | High |
| Container using image without digest | Flags workloads using images referenced only by tag (name:tag). | Tag-only references can be rebuilt or replaced, breaking reproducibility and traceability. | Checks: • spec.template.spec.containers.image• spec.template.spec.initContainers.imageFails if image reference lacks a digest ( @sha256:<hash>). | Replace tag-only references with digest-pinned versions. Update build pipelines to include digests in manifests. | High |
