diff --git a/infrastructure/kyverno-policies/verify-flux-images.yaml b/infrastructure/kyverno-policies/verify-flux-images.yaml
index bceb040e..61946356 100644
--- a/infrastructure/kyverno-policies/verify-flux-images.yaml
+++ b/infrastructure/kyverno-policies/verify-flux-images.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
 name: verify-flux-images
 spec:
- validationFailureAction: enforce
+ validationFailureAction: Audit
 background: false
 webhookTimeoutSeconds: 30
 failurePolicy: Fail
@@ -28,6 +28,7 @@ spec:
 - "docker.io/fluxcd/notification-controller:*"
 - "docker.io/fluxcd/image-reflector-controller:*"
 - "docker.io/fluxcd/image-automation-controller:*"
+ mutateDigest: false
 attestors:
 - entries:
 - keyless:
diff --git a/infrastructure/kyverno-policies/verify-git-repositories.yaml b/infrastructure/kyverno-policies/verify-git-repositories.yaml
index ee2ac1c7..f1407245 100644
--- a/infrastructure/kyverno-policies/verify-git-repositories.yaml
+++ b/infrastructure/kyverno-policies/verify-git-repositories.yaml
@@ -6,7 +6,7 @@ spec:
 # This provides users a working example of how an admin
 # would be able to enforce git repository sources across
 # all tenants.
- validationFailureAction: audit # Change to 'enforce' once the specific org url is set.
+ validationFailureAction: Audit # Change to 'Enforce' once the specific org url is set.
 rules:
 - name: github-repositories-only
 exclude:
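Review bot: Changing `validationFailureAction` from `enforce` to `Audit` in the first hunk of verify-flux-images.yaml means Flux controller images that fail signature verification are admitted and only reported, no longer rejected. The matching line in verify-git-repositories.yaml only changes case, so if case normalisation was the intent here too, the line should read `validationFailureAction: Enforce`. If the downgrade is deliberate, state why and when it ends in a comment on that line, for example `# Audit only until <reason>; restore Enforce afterwards`, and make sure the policy reports for this policy are actually watched. `failurePolicy: Fail` is kept, but as far as I can tell it governs webhook errors and timeouts, not verification failures in Audit mode.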
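Review bot: With `mutateDigest: false` in the second hunk, the pod spec keeps its tag reference and is not rewritten to the digest that was verified, so the image a node later pulls is not pinned to what the attestor checked. This is presumably added because the policy now runs in Audit mode. I would document that coupling next to the field, for example `# needed while validationFailureAction is Audit; remove when returning to Enforce`. The rest of the verifyImages rule lies outside the hunk, so I cannot see whether `verifyDigest` or `required` are set alongside it.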