---
title: "Image Verification"
description: "Policies for enforcing container image signing and provenance. Require Cosign or Notary signatures, verify image attestations, and block unsigned or unverified images."
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/image-verification/
---


This policy set contains Kyverno policies for enforcing container image supply chain security.

## What's Covered

- **Cosign verification** — Require images to be signed with Cosign
- **Notary verification** — Enforce Notary v2 signatures
- **Attestation checks** — Validate SBOM and vulnerability scan attestations
- **Registry restrictions** — Allow images only from trusted registries

All image verification policies are available in the [Nirmata policy library on GitHub](https://github.com/nirmata/kyverno-policies/tree/main/VerifyImage).


