diff --git a/Makefile b/Makefile
index 30733f73..6b10c9a9 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@ IMG ?= ngrok-operator
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.29.0
 
+# Repository URL
 REPO_URL = github.com/ngrok/ngrok-operator
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
diff --git a/tests/chainsaw/operator-registration/chainsaw-test.yaml b/tests/chainsaw/operator-registration/chainsaw-test.yaml
new file mode 100644
index 00000000..f22727a0
--- /dev/null
+++ b/tests/chainsaw/operator-registration/chainsaw-test.yaml
@@ -0,0 +1,58 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: operator-registration
+spec:
+  steps:
+  - name: assert KubernetesOperator/ngrok-operator is registered
+    try:
+    - assert:
+        resource:
+          apiVersion: ngrok.k8s.ngrok.com/v1alpha1
+          kind: KubernetesOperator
+          metadata:
+            name: ngrok-operator
+            namespace: ngrok-operator
+          spec:
+            deployment:
+              name: ngrok-operator
+              namespace: ngrok-operator
+            enabledFeatures:
+            - ingress
+            - bindings
+            # - gateway
+            binding:
+              tlsSecretName: ngrok-operator-default-tls
+              (name != null && starts_with(name, 'k8s/')): true
+          status:
+            registrationStatus: registered
+            (id != null && starts_with(id, 'k8sop_')): true
+            (uri != null): true
+
+  - name: assert Secret/ngrok-operator-default-tls exists (CSR is signed)
+    try:
+    - assert:
+        resource:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: ngrok-operator-default-tls
+            namespace: ngrok-operator
+          type: kubernetes.io/tls
+          data:
+            ("tls.crt" != null): true
+            ("tls.csr" != null): true
+            ("tls.key" != null): true
+
+  - name: assert Configmap/ngrok-intermediate-ca exists (tunnels/forwarders will work)
+    try:
+    - assert:
+        resource:
+          apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: ngrok-intermediate-ca
+            namespace: ngrok-operator
+          data:
+            ("root.crt" != null): true