# Image Signature Validation

> Enhances the security and integrity of Sisense by allowing customers to validate Sisense images deployed in their environments. This ensures that the images are official, developed, and maintained by Sisense.

*Source: https://docs.sisense.com/main/SisenseLinux/image-signature-validation.htm*

---

Last updated: June 10, 2026

|  |  |
| --- | --- |
| [Tier](https://www.sisense.com/pricing/#pricing) | [Deployment](https://docs.sisense.com/main/SisenseLinux/introduction-to-sisense-cloud-managed-services.md#ComparisonofManagedCloudandSelfHosted) |
| Enterprise | On-Prem |

To enhance the security and integrity of Sisense, this feature enables you to validate Sisense images deployed in your environment. This ensures that the images are official, developed, and maintained by Sisense.

By default, this feature is disabled.

Enabling this option will perform an extra installation of the `Kyverno` Helm chart in your environment.

[kyverno/charts/kyverno at main · kyverno/kyverno](https://github.com/kyverno/kyverno/tree/main/charts/kyverno)

Kyverno is used to scan container images in your environment and verify that they are signed by Sisense.

**Important Note:**

This feature is not supported for offline or air-gapped installations, as the validation process requires access to our official `quay.io` image repository.

## Resource Usage Considerations

Enabling image signature validation may introduce a slight delay in the installation process due to the validation steps. Additionally, it will slightly increase resource consumption.

**Performance Impact** (based on internal testing):

- **Installation delay:** A few extra minutes
- **CPU usage:** Peaks at approximately 100 milliCPUs
- **Memory usage:** Ranges between 50 MB and 128 MB

## Enabling and Applying Image Signature Validation

To enable image signature validation, modify the configuration file as follows:

[Copy](javascript:void(0);)

```
## Enable image signature validation - true/false  
## When enabled, Kyverno will validate the signatures of all pods images in the 'sisense' namespace  
## and in the 'monitoring' namespace (if enabled)  
signature_validation: true
```

After making this change, proceed with your installation or update as usual.

## Installation Log

During the installation process, the logs will indicate:

- Kyverno installation confirmation
- Application of ClusterPolicy rules for container image validation

By enabling this feature, you enhance security by ensuring that only verified Sisense images are deployed in your environment.

![Kyverno installation](https://docs.sisense.com/main/Resources/Images/kyverno_installation.png)
