Skip to content

kyverno/kyverno

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

8,812 Commits
.devcontainer
.devcontainer
Β 
Β 
.github
.github
Β 
Β 
.vscode
.vscode
Β 
Β 
api
api
Β 
Β 
charts
charts
Β 
Β 
cmd
cmd
Β 
Β 
config
config
Β 
Β 
docs
docs
Β 
Β 
ext
ext
Β 
Β 
hack
hack
Β 
Β 
img
img
Β 
Β 
litmuschaos
litmuschaos
Β 
Β 
pkg
pkg
Β 
Β 
scripts
scripts
Β 
Β 
test
test
Β 
Β 
.chainsaw.yaml
.chainsaw.yaml
Β 
Β 
.codeclimate.yml
.codeclimate.yml
Β 
Β 
.directory
.directory
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.golangci.yml
.golangci.yml
Β 
Β 
.goreleaser.yml
.goreleaser.yml
Β 
Β 
.ko.yaml
.ko.yaml
Β 
Β 
.krew.yaml
.krew.yaml
Β 
Β 
.nancy-ignore
.nancy-ignore
Β 
Β 
ADOPTERS.md
ADOPTERS.md
Β 
Β 
CHANGELOG.md
CHANGELOG.md
Β 
Β 
CODEOWNERS
CODEOWNERS
Β 
Β 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
Β 
Β 
CONTRIBUTING.md
CONTRIBUTING.md
Β 
Β 
CONTRIBUTORS.md
CONTRIBUTORS.md
Β 
Β 
DEVELOPMENT.md
DEVELOPMENT.md
Β 
Β 
GOVERNANCE.md
GOVERNANCE.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
MAINTAINERS.md
MAINTAINERS.md
Β 
Β 
Makefile
Makefile
Β 
Β 
OWNERS.md
OWNERS.md
Β 
Β 
README.md
README.md
Β 
Β 
ROADMAP.md
ROADMAP.md
Β 
Β 
SECURITY-INSIGHTS.yml
SECURITY-INSIGHTS.yml
Β 
Β 
SECURITY.md
SECURITY.md
Β 
Β 
codecov.yml
codecov.yml
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
sonar-project.properties
sonar-project.properties
Β 
Β 

Repository files navigation

Kyverno Tweet

Cloud Native Policy Management πŸŽ‰

Build Status Go Report Card License: Apache-2.0 GitHub Repo stars CII Best Practices OpenSSF Scorecard SLSA 3 Artifact HUB codecov FOSSA Status

Kyverno Logo

πŸ“‘ Table of Contents

About Kyverno

Kyverno is a Kubernetes-native policy engine designed for platform engineering teams. It enables security, compliance, automation, and governance through policy-as-code. Kyverno can:

  • Validate, mutate, generate, and clean up resources using Kubernetes admission controls and background scans.
  • Verify container image signatures for supply chain security.
  • Operate with tools you already use β€” like kubectl, kustomize, and Git.
Open Source Security Index badge

πŸ“™ Documentation

Kyverno installation and reference documentation is available at kyverno.io.

πŸŽ₯ Demos & Tutorials

🎯 Popular Use Cases

Kyverno helps platform teams enforce best practices and security standards. Some common use cases include:

1. Security & Compliance

  • Enforce Pod Security Standards (PSS)
  • Require specific security contexts
  • Validate container image sources and signatures
  • Enforce CIS Benchmark policies

2. Operational Excellence

  • Auto-label workloads
  • Enforce naming conventions
  • Generate default configurations (e.g., NetworkPolicies)
  • Validate YAML and Helm manifests

3. Cost Optimization

  • Enforce resource quotas and limits
  • Require cost allocation labels
  • Validate instance types
  • Clean up unused resources

4. Developer Guardrails

  • Require readiness/liveness probes
  • Enforce ingress/egress policies
  • Validate container image versions
  • Auto-inject config maps or secrets

πŸ“š Explore the Policy Library

Discover hundreds of production-ready Kyverno policies for security, operations, cost control, and developer enablement.

πŸ‘‰ Browse the Policy Library

πŸ™‹ Getting Help

We’re here to help:

βž• Contributing

Thank you for your interest in contributing to Kyverno!

🧾 Software Bill of Materials

All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX format. SBOMs are available at:

πŸ‘₯ Contributors

Kyverno is built and maintained by our growing community of contributors!

Contributors image

Made with contributors-img

πŸ“„ License

Copyright 2025, the Kyverno project. All rights reserved.
Kyverno is licensed under the Apache License 2.0.

Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.

About

Cloud Native Policy Management

kyverno.io

Topics

kubernetes policy-management

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

6.6k stars

Watchers

50 watching

Forks

1.1k forks
Report repository

Releases 257

v1.15.0 Latest
Jul 31, 2025
+ 256 releases

Packages

 
 
 

Contributors 403

+ 389 contributors

Languages
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy