https://github.com/kyverno/kyverno
Cloud Native Policy Management
https://github.com/kyverno/kyverno
kubernetes policy-management
Last synced: about 2 months ago
JSON representation
Cloud Native Policy Management
- Host: GitHub
- URL: https://github.com/kyverno/kyverno
- Owner: kyverno
- License: apache-2.0
- Created: 2019-02-04T16:25:48.000Z (about 7 years ago)
- Default Branch: main
- Last Pushed: 2025-04-10T15:02:45.000Z (12 months ago)
- Last Synced: 2025-04-10T16:43:56.482Z (12 months ago)
- Topics: kubernetes, policy-management
- Language: Go
- Homepage: https://kyverno.io
- Size: 136 MB
- Stars: 6,207
- Watchers: 49
- Forks: 986
- Open Issues: 417
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Security: SECURITY-INSIGHTS.yml
- Governance: GOVERNANCE.md
- Roadmap: ROADMAP.md
Awesome Lists containing this project
- awesome-grc-engineering - GitHub
- DevSecOps - https://github.com/kyverno/kyverno - the-badge) | (Policy as code)
- awesome-modern-devops - kyverno - Cloud-Native policy management tool. (Containers)
- awesome-platform-engineering - Kyverno - Kubernetes Native Policy Management (Policy as code / Regex)
- awesome-eks - Kyverno
- awesome-k8s-resources - Kyverno - Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. (Tools and Libraries / Security and Compliance)
- awesome-software-supply-chain-security - Kyverno -  - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git. (Kubernetes Admission Controller)
- awesome-starts - kyverno/kyverno - Kubernetes Native Policy Management (Go)
- AiTreasureBox - kyverno/kyverno - 11-03_7049_0](https://img.shields.io/github/stars/kyverno/kyverno.svg)|Cloud Native Policy Management| (Repos)
- awesome-repositories - kyverno/kyverno - Unified Policy as Code (Go)
- awesome-policy-as-code - Kyverno - A policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans (Tools / Others)
- awesome-kubernetes-configuration-management - Kyverno
README
# Kyverno [](https://twitter.com/intent/tweet?text=Cloud%20Native%20Policy%20Management.%20No%20new%20language%20required%1&url=https://github.com/kyverno/kyverno/&hashtags=kubernetes,devops)
**Cloud Native Policy Management π**
[](https://github.com/kyverno/kyverno/actions)
[](https://goreportcard.com/report/github.com/kyverno/kyverno)
[](https://github.com/kyverno/kyverno/stargazers)
[](https://bestpractices.coreinfrastructure.org/projects/5327)
[](https://securityscorecards.dev/viewer/?uri=github.com/kyverno/kyverno)
[](https://slsa.dev)
[](https://artifacthub.io/packages/search?repo=kyverno)
[](https://app.codecov.io/gh/kyverno/kyverno/branch/main)
[](https://app.fossa.com/projects/git%2Bgithub.com%2Fkyverno%2Fkyverno?ref=badge_shield)
## π Table of Contents
- [About Kyverno](#about-kyverno)
- [Documentation](#-documentation)
- [Demos & Tutorials](#-demos--tutorials)
- [Popular Use Cases](#-popular-use-cases)
- [Explore the Policy Library](#-explore-the-policy-library)
- [Getting Help](#-getting-help)
- [Contributing](#-contributing)
- [Software Bill of Materials](#software-bill-of-materials)
- [Community Highlights](#-community-highlights)
- [Contributors](#contributors)
- [License](#license)
## About Kyverno
Kyverno is a Kubernetes-native policy engine designed for platform engineering teams. It enables security, compliance, automation, and governance through policy-as-code. Kyverno can:
- Validate, mutate, generate, and clean up resources using Kubernetes admission controls and background scans.
- Verify container image signatures for supply chain security.
- Operate with tools you already use β like `kubectl`, `kustomize`, and Git.
## π Documentation
Kyverno installation and reference documentation is available at [kyverno.io](https://kyverno.io).
- π **[Quick Start](https://kyverno.io/docs/introduction/#quick-start)**
- π **[Installation Guide](https://kyverno.io/docs/installation/)**
- π **[Policy Library](https://kyverno.io/policies/)**
## π₯ Demos & Tutorials
- βΆοΈ [Getting Started with Kyverno β YouTube](https://www.youtube.com/results?search_query=kyverno+tutorial)
- π§ͺ [Kyverno Playground](https://playground.kyverno.io/)
## π― Popular Use Cases
Kyverno helps platform teams enforce best practices and security standards. Some common use cases include:
### 1. **Security & Compliance**
- Enforce Pod Security Standards (PSS)
- Require specific security contexts
- Validate container image sources and signatures
- Enforce CIS Benchmark policies
### 2. **Operational Excellence**
- Auto-label workloads
- Enforce naming conventions
- Generate default configurations (e.g., NetworkPolicies)
- Validate YAML and Helm manifests
### 3. **Cost Optimization**
- Enforce resource quotas and limits
- Require cost allocation labels
- Validate instance types
- Clean up unused resources
### 4. **Developer Guardrails**
- Require readiness/liveness probes
- Enforce ingress/egress policies
- Validate container image versions
- Auto-inject config maps or secrets
## π Explore the Policy Library
Discover hundreds of production-ready Kyverno policies for security, operations, cost control, and developer enablement.
π [Browse the Policy Library](https://kyverno.io/policies/)
## π Getting Help
Weβre here to help:
- π File a [GitHub Issue](https://github.com/kyverno/kyverno/issues)
- π¬ Join the [Kyverno Slack Channel](https://slack.k8s.io/#kyverno)
- π
Attend [Community Meetings](https://kyverno.io/community/#community-meetings)
- βοΈ [Star this repository](https://github.com/kyverno/kyverno/stargazers) to stay updated
## β Contributing
Thank you for your interest in contributing to Kyverno!
- β
Read the [Contribution Guidelines](/CONTRIBUTING.md)
- 𧡠Join [GitHub Discussions](https://github.com/kyverno/kyverno/discussions)
- π Read the [Development Guide](/DEVELOPMENT.md)
- π Check [Good First Issues](https://github.com/kyverno/kyverno/labels/good%20first%20issue) and request with `/assign`
- π± Explore the [Community page](https://kyverno.io/community/)
## π§Ύ Software Bill of Materials
All Kyverno images include a Software Bill of Materials (SBOM) in [CycloneDX](https://cyclonedx.org/) format. SBOMs are available at:
- π [`ghcr.io/kyverno/sbom`](https://github.com/orgs/kyverno/packages?tab=packages&q=sbom)
- π [Fetching the SBOM](https://kyverno.io/docs/security/#fetching-the-sbom-for-kyverno)
## π₯ Contributors
Kyverno is built and maintained by our growing community of contributors!
_Made with [contributors-img](https://contrib.rocks)_
## π License
Copyright 2025, the Kyverno project. All rights reserved.
Kyverno is licensed under the [Apache License 2.0](LICENSE).
Kyverno is a [Cloud Native Computing Foundation (CNCF) Incubating project](https://www.cncf.io/projects/) and was contributed by [Nirmata](https://nirmata.com/?utm_source=github&utm_medium=repository).