Attention Iron Bank Customers: On March 27, 2025, we are moving SBOM artifacts from the Anchore Scan job to the Build job to streamline the container hardening pipeline. If you currently download SBOMs from the Anchore Scan job, you can still get them from the Build job and from other sources, including IBFE and image attestations.
This MR adds default kyverno-policy values for the new update-automountserviceaccounttokensclusterpolicy. This clusterpolicy
This policy contains two rules, one that applies to the serviceaccount to disable automounting the token and another rule that applies to the pod that will override the serviceaccount setting because the pod truly needs access to the API.
