diff --git a/pkg/webhooks/resource/ivpol/handler.go b/pkg/webhooks/resource/ivpol/handler.go
index 8aa5d4748e..648e95adfc 100644
--- a/pkg/webhooks/resource/ivpol/handler.go
+++ b/pkg/webhooks/resource/ivpol/handler.go
@@ -14,6 +14,7 @@ import (
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
 	"github.com/kyverno/kyverno/pkg/webhooks/handlers"
+	"go.uber.org/multierr"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 )
 
@@ -42,6 +43,15 @@ func (h *handler) Mutate(ctx context.Context, logger logr.Logger, admissionReque
 	return h.mutationResponse(request, response, rawPatches)
 }
 
+func (h *handler) Validate(ctx context.Context, logger logr.Logger, admissionRequest handlers.AdmissionRequest, failurePolicy string, startTime time.Time) handlers.AdmissionResponse {
+	request := celengine.RequestFromAdmission(h.context, admissionRequest.AdmissionRequest)
+	response, err := h.engine.HandleValidating(ctx, request)
+	if err != nil {
+		return admissionutils.Response(admissionRequest.UID, err)
+	}
+	return h.validationResponse(request, response)
+}
+
 func (h *handler) mutationResponse(request celengine.EngineRequest, response eval.ImageVerifyEngineResponse, rawPatches []byte) handlers.AdmissionResponse {
 	var warnings []string
 	for _, policy := range response.Policies {
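Review bot: failurePolicy is accepted by the new Validate but never read: when `response, err := h.engine.HandleValidating(ctx, request)` fails, the method always returns `admissionutils.Response(admissionRequest.UID, err)`, which, assuming that helper denies on a non-nil error, turns an engine failure into a hard denial even for a webhook configured with failure policy Ignore, and the error is not logged although logger is right there. Consider logging before returning, `logger.Error(err, "failed to handle validating request")`, and either honouring failurePolicy or stating in a comment that the handlers interface requires the parameter and the fail-closed behaviour is deliberate. Validate is an exported method without a doc comment; add one such as `// Validate evaluates the image verification policies against the admission request and converts the engine result into an admission response.` The neighbouring Mutate, which Validate mirrors, starts outside the hunk.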
@@ -56,3 +66,27 @@ func (h *handler) mutationResponse(request celengine.EngineRequest, response eva
 	}
 	return admissionutils.MutationResponse(request.AdmissionRequest().UID, rawPatches, warnings...)
 }
+
+func (h *handler) validationResponse(request celengine.EngineRequest, response eval.ImageVerifyEngineResponse) handlers.AdmissionResponse {
+	var errs []error
+	var warnings []string
+	for _, policy := range response.Policies {
+		if policy.Actions.Has(admissionregistrationv1.Deny) {
+			switch policy.Result.Status() {
+			case engineapi.RuleStatusFail:
+				errs = append(errs, fmt.Errorf("Policy %s failed: %s", policy.Policy.GetName(), policy.Result.Message()))
+			case engineapi.RuleStatusError:
+				errs = append(errs, fmt.Errorf("Policy %s error: %s", policy.Policy.GetName(), policy.Result.Message()))
+			}
+		}
+		if policy.Actions.Has(admissionregistrationv1.Warn) {
+			switch policy.Result.Status() {
+			case engineapi.RuleStatusFail:
+				warnings = append(warnings, fmt.Sprintf("Policy %s failed: %s", policy.Policy.GetName(), policy.Result.Message()))
+			case engineapi.RuleStatusError:
+				warnings = append(warnings, fmt.Sprintf("Policy %s error: %s", policy.Policy.GetName(), policy.Result.Message()))
+			}
+		}
+	}
+	return admissionutils.Response(request.AdmissionRequest().UID, multierr.Combine(errs...), warnings...)
+}
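Review bot: The failure and error messages in validationResponse are formatted twice with identical strings, once under the Deny branch through fmt.Errorf and again under the Warn branch through fmt.Sprintf, so a policy carrying both actions builds the text twice and any wording change has to be made in four places. Computing the message once per policy from the result status and then appending it to errs and/or warnings according to the actions keeps the denial and the warning identical by construction; the rewrite below uses errors.New, which needs the errors package imported if the file does not already have it. The loop also silently drops a failing policy whose actions include neither Deny nor Warn (for example Audit only); if that is intended because audit results are reported elsewhere, a one-line comment on the loop such as `// only Deny and Warn actions affect the admission response; other actions are handled by reporting` would help the next reader, and keeping RuleStatusError under Deny as a denial is the right fail-closed choice.
```go
	for _, policy := range response.Policies {
		var msg string
		switch policy.Result.Status() {
		case engineapi.RuleStatusFail:
			msg = fmt.Sprintf("Policy %s failed: %s", policy.Policy.GetName(), policy.Result.Message())
		case engineapi.RuleStatusError:
			msg = fmt.Sprintf("Policy %s error: %s", policy.Policy.GetName(), policy.Result.Message())
		default:
			continue
		}
		if policy.Actions.Has(admissionregistrationv1.Deny) {
			errs = append(errs, errors.New(msg))
		}
		if policy.Actions.Has(admissionregistrationv1.Warn) {
			warnings = append(warnings, msg)
		}
	}
	// … unchanged: return admissionutils.Response(...) …
```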