
Works with your stack

ImageSentinel integrates with your existing CI/CD pipelines, container registries, and Kubernetes clusters. No migration required.

CI/CD Pipelines

GitHub Actions

Pre-built actions for scanning, hardening, and signing images.

GitLab CI

Native GitLab integration with auto-generated pipelines.

Jenkins

Jenkins plugin for automated image hardening.

CircleCI

Orbs for seamless CircleCI integration.

.github/workflows/build.yml
# GitHub Actions
- name: Harden image
  uses: imagesentinel/harden-action@v1
  with:
    image: my-app:latest
    push-to: ghcr.io/myorg/my-app
    sign: true
    sbom: true

.gitlab-ci.yml
# GitLab CI
harden:
  image: imagesentinel/cli:latest
  script:
    - sentinel harden my-app:latest
        --sign
        --sbom
        --push registry.gitlab.com/myorg/my-app

Container Registries

Docker Hub

Push hardened images directly to Docker Hub.

Amazon ECR

Native AWS ECR support with IAM integration.

Google GCR

Push to Google Container Registry or Artifact Registry.

Azure ACR

Azure Container Registry integration.

Harbor

Enterprise Harbor registry support.

Artifactory

JFrog Artifactory integration.

terminal
# Push to any OCI-compatible registry
sentinel harden my-app:latest \
  --push 123456789.dkr.ecr.us-east-1.amazonaws.com/my-app:hardened \
  --push gcr.io/my-project/my-app:hardened \
  --push myregistry.azurecr.io/my-app:hardened

Kubernetes & Policy Engines

Enforce image signature verification at deployment time using admission controllers. ImageSentinel integrates with Kyverno, OPA Gatekeeper, and Sigstore Policy Controller.

  • Kyverno policies for signature verification
  • OPA Gatekeeper constraints
  • Sigstore Policy Controller
  • Binary Authorization (GKE)

kyverno-policy.yaml
# Kyverno policy for ImageSentinel images
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-imagesentinel-signature
spec:
  validationFailureAction: Enforce
  rules:
    - name: verify-signature
      match:
        resources:
          kinds: [Pod]
      verifyImages:
        - imageReferences:
            - "registry.imagesentinel.io/*"
          attestors:
            - entries:
                - keyless:
                    issuer: "https://accounts.google.com"
                    subject: "*@imagesentinel.io"
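
The policy above verifies only images whose reference matches `registry.imagesentinel.io/*`; a Pod image pulled from any other registry is not checked by this rule. The following added example (not ImageSentinel's code) lists the containers in a constructed Pod spec that fall outside the rule. The `fnmatch` approximation of the wildcard and the sample image names are assumptions.

```python
"""Added example: which Pod images fall outside a verifyImages rule."""
from fnmatch import fnmatchcase

# imageReferences taken from the Kyverno policy on this page.
IMAGE_REFERENCES = ["registry.imagesentinel.io/*"]

# Constructed Pod spec (sample input, not from a real cluster).
SAMPLE_POD = {
    "spec": {
        "initContainers": [
            {"name": "migrate", "image": "ghcr.io/myorg/my-app:latest"},
        ],
        "containers": [
            {"name": "app",
             "image": "registry.imagesentinel.io/myorg/my-app:hardened"},
            {"name": "sidecar", "image": "gcr.io/my-project/my-app:hardened"},
        ],
        "ephemeralContainers": [],
    }
}

# Every container kind in a Pod carries an image, not just spec.containers.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def pod_images(pod):
    """Yield (field, container name, image) for each container in the Pod."""
    spec = pod.get("spec", {})
    for field in CONTAINER_FIELDS:
        for container in spec.get(field) or []:
            yield field, container.get("name", "?"), container.get("image", "")


def is_covered(image, patterns=IMAGE_REFERENCES):
    """True if the image matches a pattern, i.e. the rule would verify it.

    Assumption: '*' matches any run of characters (approximated with fnmatch)
    and image names are compared as written, without registry normalization.
    """
    return any(fnmatchcase(image, pattern) for pattern in patterns)


def uncovered(pod, patterns=IMAGE_REFERENCES):
    """Return the containers whose image the verifyImages rule never checks."""
    return [(f, n, i) for f, n, i in pod_images(pod) if not is_covered(i, patterns)]


if __name__ == "__main__":
    for field, name, image in uncovered(SAMPLE_POD):
        print(f"NOT VERIFIED  {field}/{name}: {image}")
```

To require that every image is signed, either widen `imageReferences` to the registries you actually deploy from or add a separate rule that rejects images from registries outside the verified set.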

Need a custom integration?

We support any OCI-compatible registry and CI/CD platform. Talk to our team about your requirements.