README.md

Kubernetes Policy Report API

NOTE: The Policy Report API specification is currently in review. See KEP 4447

The Kubernetes Policy Report API enables uniform reporting of results and findings from policy engines, scanners, or other tooling.

This repository contains the API specification and Custom Resource Definitions (CRDs).

Concepts

The API provides a ClusterPolicyReport and its namespaced variant PolicyReport.

Each PolicyReport contains a set of results and a summary. Each result contains attributes such as the source policy and rule name, severity, timestamp, and the resource.

Reference

• API Reference

Demonstration

Typically the Policy Report API is installed and managed by a producer. However, to try out the API in a test cluster you can follow the steps below:

1. Add Policy Report API CRDs to your cluster (v1beta2):

kubectl create -f crd/v1beta2/

2. Create a sample policy report resource:

kubectl create -f samples/sample-cis-k8s.yaml

3. View policy report resources:

kubectl get policyreports

Implementations

The following is a list of projects that produce or consume policy reports:

(To add your project, please create a pull request.)

Producers

• Falco
• Image Scanner
• jsPolicy
• Kyverno
• Netchecks
• Tracee Adapter
• Trivy Operator

Consumers

• Fairwinds Insights
• Kyverno Policy Reporter
• Open Cluster Management

Building

make all

Community, discussion, contribution, and support

Learn how to engage with the Kubernetes community on the community page.

You can reach the maintainers of this project at:

• Slack
• Mailing List
• WG Policy

Code of conduct

Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.

Historical References

See the proposal for background and details.