Kyverno, purpose-built by Nirmata, is a leading CNCF project designed for comprehensive Kubernetes policy management and cloud-native security and governance. It empowers platform teams to enforce policies, secure software supply chains, and automate security within their Kubernetes environments. Unlike other Kubernetes policy engines, Kyverno policies are written as YAML, mirroring Kubernetes manifests, which simplifies policy creation and updates. It works on any Kubernetes resource, not just pods, and automatically applies policies to all known Kubernetes Pod controllers, including Deployments and StatefulSets, for automated enforcement. This powerful platform allows users to effortlessly validate, mutate, and generate Kubernetes resources, ensuring security, compliance, and reliability in their deployments. Kyverno strengthens security further by enabling the verification of container images within the software supply chain. Its all-in-one solution for K8s policy management streamlines the DevSecOps workflow, enhancing efficiency and confidence in Kubernetes operations while promoting best practices in security and compliance. With over 2.4 billion downloads, Kyverno is widely adopted and trusted by thousands of organizations for governance and security.

Features & Benefits

• Kubernetes-Native Policy Management
  • Purpose-built for cloud-native and Kubernetes policy management, working on any Kubernetes resource.
• YAML-Based Policies
  • Policies are written as YAML, similar to Kubernetes manifests, eliminating the need for a new language and simplifying policy updates.
• Automated Pod Security Enforcement
  • Automatically applies policies written for Pods to all known Kubernetes Pod controllers, including Deployments and StatefulSets.
• Extensive Policy Library
  • Offers a comprehensive library of ready-to-use policies for a wide array of usage on various Kubernetes and ecosystem resources.
• Kyverno CLI for Pre-Cluster Testing
  • Enables easy testing of resources against a given set of policies to predict their behavior in CI/CD pipelines before deployment to an actual cluster.
• Proactive Security Enforcement (Admission Controller)
  • Functions as an admission controller to proactively block and prevent insecure configurations rather than just detecting them.
• Software Supply Chain Security
  • Strengthens security by enabling the verification of container images within the software supply chain.
• Granular Policy Control with CEL
  • Allows administrators to define specific exemptions from policy rules using CEL for precise and flexible enforcement.
• Modular Policy Functionality
  • Provides specialized Kubernetes policy types that separate concerns and offer more focused functionality for a modular approach.
• Transparent Policy Auditing
  • Kyverno adapters enrich policy decisions for integrations, making policy enforcement results easy to audit.
• Strong Community & Adoption
  • Boasts over 2.4 billion downloads and is the most popular Kubernetes policy management and creation engine on GitHub, supported by an active community.