Artifact Integrity Policies

Artifact Integrity policies validate the source and integrity of artifacts running in cloud environments.

These policies ensure that artifacts originate from approved build pipelines and trusted registries, helping confirm that deployed software has not been altered or introduced outside authorized processes. Enforcing artifact integrity reduces supply chain risk and helps maintain trust in the software delivery process.

This article describes the policies in this category, their configuration options, and the impact of policy violations. For an overview of policies and policy management, see the Policies article; for more detail on the Artifact Integrity policy group, see its dedicated article.

View and manage Artifact Integrity policies

Open each policy to view the business impact and optional settings.

Cloud artifact is not from a trusted registry

Purpose: Detect running artifacts that originate from registries not associated with an approved CI/CD process.

Business impact: Artifacts from untrusted registries increase the risk of deploying tampered or malicious images. This can lead to security breaches, data exposure, or compromised runtime environments.

Settings

  • ON/OFF (toggle). Enable/disable the policy. Default: OFF.

  • Ignore Application Business Priority for severity calculation (checkbox). When enabled, severity is not adjusted based on application priority. Default: OFF.

  • Trusted registry and images. Click to add the registries and images the policy treats as approved. Default: current setting.

Registry artifact is not from CI/CD

Purpose: Validate that each artifact running in the cloud has a corresponding build record in the CI/CD pipeline, confirming it was produced through an approved build process. Enforcing CI/CD provenance helps ensure artifact integrity and reduces the risk of supply-chain compromise.

Business impact: Running artifacts that cannot be traced back to a CI/CD pipeline may have been introduced outside approved workflows. This increases the risk of deploying tampered or malicious artifacts.

Settings

  • ON/OFF (toggle). Enable/disable the policy. Default: OFF.

  • Ignore Application Business Priority for severity calculation (checkbox). When enabled, severity is not adjusted based on application priority. Default: OFF.

  • Trusted registry and images. Click to add the registries and images the policy treats as approved. Default: current setting.
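To make the two checks above concrete, the following is an added example (not the product's implementation) of how a trusted-registry check and a CI/CD provenance check can be applied to the image references a runtime reports. Image references are split following Docker's rules (a leading component is a registry only if it contains "." or ":" or is "localhost"; bare names default to docker.io/library). The trusted list, the CI/CD build records and the running image references are constructed sample data; the build records are keyed by image digest because a tag is mutable and can be repointed after the build.

```python
"""Illustrative checks for the two Artifact Integrity policies on this page.
Added example, not the product's implementation: the trusted list, the build
records and the running image references are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

DEFAULT_REGISTRY = "docker.io"  # implicit registry for bare names such as "nginx:1.25"


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split 'registry/repo[:tag][@sha256:<hex>]' following Docker's reference rules:
    the first path component is a registry only if it contains '.' or ':' or is 'localhost'."""
    digest: Optional[str] = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DEFAULT_REGISTRY, ref
    # A ':' after the last '/' is the tag separator; one before it belongs to a registry port.
    tag: Optional[str] = None
    if path.rfind(":") > path.rfind("/"):
        path, tag = path.rsplit(":", 1)
    if registry == DEFAULT_REGISTRY and "/" not in path:
        path = "library/" + path  # Docker Hub official images live under library/
    return ImageRef(registry, path, tag, digest)


def untrusted_registry_findings(running: Iterable[str], trusted: Set[str]) -> List[str]:
    """'Cloud artifact is not from a trusted registry': return the references whose
    registry host, or registry/repository pair, is absent from the trusted list."""
    findings: List[str] = []
    for ref in running:
        img = parse_image_ref(ref)
        if img.registry in trusted or f"{img.registry}/{img.repository}" in trusted:
            continue
        findings.append(ref)
    return findings


def no_cicd_record_findings(running: Iterable[str], build_records: Dict[str, str]) -> List[str]:
    """'Registry artifact is not from CI/CD': return references whose digest has no
    pipeline build record. Matching is by digest only; a reference that carries no
    digest cannot be tied to any build and is therefore flagged as unverifiable."""
    return [ref for ref in running if parse_image_ref(ref).digest not in build_records]


# --- constructed sample data (hypothetical hosts, digests and pipeline ids) ---
DIGEST_API = "sha256:" + "11" * 32
DIGEST_WORKER = "sha256:" + "33" * 32
DIGEST_TOOL = "sha256:" + "22" * 32
DIGEST_NGINX = "sha256:" + "44" * 32

TRUSTED = {"registry.example.internal", "docker.io/library/nginx"}  # host, or host/repository pin
BUILD_RECORDS = {DIGEST_API: "pipeline-run-4711"}                   # digests the CI/CD system produced

RUNNING = [
    f"registry.example.internal/payments/api:2.3.1@{DIGEST_API}",  # trusted registry, built in CI
    f"registry.example.internal/payments/worker@{DIGEST_WORKER}",  # trusted registry, no build record
    f"ghcr.io/contractor/debug-tool:latest@{DIGEST_TOOL}",         # untrusted registry, no build record
    "localhost:5000/payments/api:dev",                             # untrusted registry, mutable tag only
    f"nginx:1.25@{DIGEST_NGINX}",                                  # trusted via repository pin, no build record
]

if __name__ == "__main__":
    for ref in untrusted_registry_findings(RUNNING, TRUSTED):
        print("not from a trusted registry:", ref)
    for ref in no_cicd_record_findings(RUNNING, BUILD_RECORDS):
        print("no CI/CD build record:", ref)
```

Note that a third-party base image such as the nginx entry passes the registry check by repository pin but still has no internal build record, so how such images are accounted for decides whether the provenance policy reports them.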

To view the active issues raised by these policies:

  1. Open the Active Issues page.

  2. Use the Category filter and select the Artifact Integrity policy category to view its active issues.

  3. Use the Policy filter to narrow the list to a specific policy. The Category and Policy filters can be applied separately or together, depending on how specific you want the results to be.

  4. Use the search box to refine the results further, for example by file name, keyword, or rule identifier.

When you change a policy's severity, its ON/OFF toggle, or any other setting, you must save the current profile or create a new one; otherwise the change is not applied.

  • To save the current profile, click SAVE in the page header.

  • To create a new profile, click SAVE AS in the page header. For instructions, see the section Create or edit policy profiles in the Policies article.
