Verification at admission
The last gate: unsigned means unscheduled.
Everything so far produces evidence — signed commits, provenance, SBOMs, signatures, scan attestations. Verification is where that evidence finally does something: the last gate before an artifact runs refuses anything that does not carry the evidence you require. In Kubernetes this gate is admission control — a policy engine intercepts every pod create and checks the image against your rules before it is ever scheduled. Unsigned, unattested, or wrong-identity means unscheduled. This is the step that turns the whole chain from documentation into enforcement.
Verify identity and attestations, not just presence
A meaningful admission policy checks more than "is it signed." It verifies the signature was made by the exact identity you expect (your CI’s OIDC identity and issuer), that the required attestations are present and valid (provenance from your builder, a passing scan attestation, maybe a minimum SLSA level), and that the image comes from a registry you trust. Each of those is a separate assertion, and skipping any leaves a hole — a signature check alone lets an attacker sign their own image and pass.
apiVersion: kyverno.io/v1kind: ClusterPolicymetadata: { name: require-signed-provenance }spec:validationFailureAction: Enforce # deny, not just warnrules:- name: verify-signature-and-provenancematch: { any: [{ resources: { kinds: [Pod] } }] }verifyImages:- imageReferences: ["registry.acme.internal/*"]attestors:- entries:- keyless:issuer: "https://gitlab.acme.internal"subject: "https://gitlab.acme.internal/acme/*"attestations:- type: https://slsa.dev/provenance/v1 # require provenance, not just a signature