diff --git a/manifests/Kptfile b/manifests/Kptfile
index d8dcd4b..3728688 100644
--- a/manifests/Kptfile
+++ b/manifests/Kptfile
@@ -1,22 +1,8 @@
-# Copyright 2021 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 apiVersion: kpt.dev/v1
 kind: Kptfile
 metadata:
 name: gatekeeper-securitycenter
 annotations:
- config.kubernetes.io/local-config: 'true'
+ config.kubernetes.io/local-config: "true"
 info:
 description: kpt package for gatekeeper-securitycenter
diff --git a/manifests/README.md b/manifests/README.md
index a003004..f8cb068 100644
--- a/manifests/README.md
+++ b/manifests/README.md
@@ -16,7 +16,7 @@ This package assumes that you have already created the
 ### Fetch this package
 
 ```sh
-VERSION=v0.2.3
+VERSION=v0.2.4
 kpt pkg get https://github.com/GoogleCloudPlatform/gatekeeper-securitycenter.git/manifests@$VERSION manifests
 ```
 
diff --git a/manifests/cluster-role-binding.yaml b/manifests/cluster-role-binding.yaml
index 3437cac..52bad9a 100644
--- a/manifests/cluster-role-binding.yaml
+++ b/manifests/cluster-role-binding.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -23,6 +22,6 @@ roleRef:
 kind: ClusterRole
 apiGroup: rbac.authorization.k8s.io
 subjects:
-- name: gatekeeper-securitycenter-controller
- namespace: gatekeeper-securitycenter
- kind: ServiceAccount
+ - name: gatekeeper-securitycenter-controller
+ namespace: gatekeeper-securitycenter
+ kind: ServiceAccount
diff --git a/manifests/cluster-role.yaml b/manifests/cluster-role.yaml
index 53e5b61..214997e 100644
--- a/manifests/cluster-role.yaml
+++ b/manifests/cluster-role.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -19,10 +18,10 @@ metadata:
 labels:
 gatekeeper-securitycenter/system: 'yes'
 rules:
-- resources:
- - '*'
- apiGroups:
- - '*'
- verbs:
- - get
- - list
+ - resources:
+ - '*'
+ apiGroups:
+ - '*'
+ verbs:
+ - get
+ - list
diff --git a/manifests/config-map.yaml b/manifests/config-map.yaml
index ff06c89..5e94bd8 100644
--- a/manifests/config-map.yaml
+++ b/manifests/config-map.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index b6a8c68..483c211 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -39,38 +38,38 @@ spec:
 spec:
 serviceAccountName: gatekeeper-securitycenter-controller
 containers:
- - name: manager
- image: ko://github.com/googlecloudplatform/gatekeeper-securitycenter # kpt-set: ${image}
- args:
- - findings
- - manager
- - --source=$(SOURCE)
- - --cluster=$(CLUSTER)
- - --interval=120 # kpt-set: --interval=${interval}
- - --dry-run=false # kpt-set: --dry-run=${dry-run}
- env:
- - name: SOURCE
- valueFrom:
- configMapKeyRef:
- name: gatekeeper-securitycenter-config
- key: SOURCE_NAME
- - name: CLUSTER
- valueFrom:
- configMapKeyRef:
- name: gatekeeper-securitycenter-config
- key: CLUSTER_NAME
- - name: DEBUG
- value: "false" # kpt-set: ${debug-env}
- resources:
- requests:
- cpu: 250m # kpt-set: ${request-cpu}
- memory: 512Mi # kpt-set: ${request-memory}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- readOnlyRootFilesystem: true
- runAsGroup: 65532
- runAsNonRoot: true
- runAsUser: 65532
+ - name: manager
+ image: ghcr.io/googlecloudplatform/gatekeeper-securitycenter:v0.2.4@sha256:e6498c4337a0e3af05b7b6d84f1664474853e24398b580f1274c9a2efe9332af # kpt-set: ${image}
+ args:
+ - findings
+ - manager
+ - --source=$(SOURCE)
+ - --cluster=$(CLUSTER)
+ - --interval=120 # kpt-set: --interval=${interval}
+ - --dry-run=false # kpt-set: --dry-run=${dry-run}
+ env:
+ - name: SOURCE
+ valueFrom:
+ configMapKeyRef:
+ name: gatekeeper-securitycenter-config
+ key: SOURCE_NAME
+ - name: CLUSTER
+ valueFrom:
+ configMapKeyRef:
+ name: gatekeeper-securitycenter-config
+ key: CLUSTER_NAME
+ - name: DEBUG
+ value: "false" # kpt-set: ${debug-env}
+ resources:
+ requests:
+ cpu: 250m # kpt-set: ${request-cpu}
+ memory: 512Mi # kpt-set: ${request-memory}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
index 0da0ddf..67d7d79 100644
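Review bot: The container `securityContext:` block on the new side (the re-indented lines ending at `runAsUser: 65532`) still carries no `seccompProfile`, so unless one is set at pod level above this hunk the workload will not meet the restricted Pod Security Standard even though privilege escalation, root and the writable root filesystem are already handled; add `seccompProfile:` / `type: RuntimeDefault` alongside `allowPrivilegeEscalation: false`. The `drop:` list uses lowercase `all`, while Kubernetes documents the wildcard as `ALL` and some policy checks appear to compare that exact spelling, so `- ALL` is the safer form. The digest-pinned `ghcr.io/...:v0.2.4@sha256:…` reference is an improvement over the previous `ko://` value, but the `# kpt-set: ${image}` setter on the same line lets a package consumer replace the whole reference, digest included, so the pin is only as strong as the package's setter defaults. The Deployment's pod spec begins above the hunk.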
--- a/manifests/namespace.yaml
+++ b/manifests/namespace.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/manifests/service-account.yaml b/manifests/service-account.yaml
index 65bc02c..45fda04 100644
--- a/manifests/service-account.yaml
+++ b/manifests/service-account.yaml
@@ -11,7 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: v1
 kind: ServiceAccount
 metadata: