kyverno/kyverno
Kyverno 
Cloud Native Policy Management π
π Table of Contents
- About Kyverno
- Documentation
- Demos & Tutorials
- Popular Use Cases
- Explore the Policy Library
- Getting Help
- Contributing
- Software Bill of Materials
- Community Highlights
- Contributors
- License
About Kyverno
Kyverno is a Kubernetes-native policy engine designed for platform engineering teams. It enables security, compliance, automation, and governance through policy-as-code. Kyverno can:
- Validate, mutate, generate, and clean up resources using Kubernetes admission controls and background scans.
- Verify container image signatures for supply chain security.
- Operate with tools you already use β like
kubectl,kustomize, and Git.
π Documentation
Kyverno installation and reference documentation is available at kyverno.io.
- π Quick Start
- π Installation Guide
- π Policy Library
π₯ Demos & Tutorials
π― Popular Use Cases
Kyverno helps platform teams enforce best practices and security standards. Some common use cases include:
1. Security & Compliance
- Enforce Pod Security Standards (PSS)
- Require specific security contexts
- Validate container image sources and signatures
- Enforce CIS Benchmark policies
2. Operational Excellence
- Auto-label workloads
- Enforce naming conventions
- Generate default configurations (e.g., NetworkPolicies)
- Validate YAML and Helm manifests
3. Cost Optimization
- Enforce resource quotas and limits
- Require cost allocation labels
- Validate instance types
- Clean up unused resources
4. Developer Guardrails
- Require readiness/liveness probes
- Enforce ingress/egress policies
- Validate container image versions
- Auto-inject config maps or secrets
π Explore the Policy Library
Discover hundreds of production-ready Kyverno policies for security, operations, cost control, and developer enablement.
π Browse the Policy Library
π Getting Help
Weβre here to help:
- π File a GitHub Issue
- π¬ Join the Kyverno Slack Channel
- π Attend Community Meetings
- βοΈ Star this repository to stay updated
β Contributing
Thank you for your interest in contributing to Kyverno!
- β Read the Contribution Guidelines
- 𧡠Join GitHub Discussions
- π Read the Development Guide
- π Check Good First Issues and request with
/assign - π± Explore the Community page
π§Ύ Software Bill of Materials
All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX format. SBOMs are available at:
- π
ghcr.io/kyverno/sbom - π Fetching the SBOM
π₯ Contributors
Kyverno is built and maintained by our growing community of contributors!
Made with contributors-img
π License
Copyright 2025, the Kyverno project. All rights reserved.
Kyverno is licensed under the Apache License 2.0.
Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.