diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..d27c23a
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,61 @@
+module sigs.k8s.io/wg-policy-prototypes
+
+go 1.22.0
+
+toolchain go1.22.1
+
+require (
+	k8s.io/api v0.29.3
+	k8s.io/apimachinery v0.30.0-rc.2
+	k8s.io/client-go v0.29.3
+	k8s.io/code-generator v0.30.0-rc.2
+	sigs.k8s.io/controller-runtime v0.16.3
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/testify v1.9.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.14.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.20.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..bee4090
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,185 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
+github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
+github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b h1:RMpPgZTSApbPf7xaVel+QkoGPRLFLrwFO89uDUHEGf0=
+github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
+github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
+golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
+golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
+k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
+k8s.io/apimachinery v0.30.0-rc.2 h1:Q1JPqws5zCGjRwKtLW8ZKOY8lvl6aJejqIixJlHoAhc=
+k8s.io/apimachinery v0.30.0-rc.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
+k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
+k8s.io/code-generator v0.30.0-rc.2 h1:FpFPiuhuaZXGm6MUNBRwCdcBO9RhTvu0DwU8xW07XJo=
+k8s.io/code-generator v0.30.0-rc.2/go.mod h1:EnOT8yIxF1CXH4qxYhPgJ3wqVeATHN0LCF7RnVmMCyE=
+k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo=
+k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8=
+k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
+sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/policy-report/.gitignore b/policy-report/.gitignore
new file mode 100644
index 0000000..d97ffc5
--- /dev/null
+++ b/policy-report/.gitignore
@@ -0,0 +1,24 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+*.swp
+*.swo
+*~
diff --git a/policy-report/Makefile b/policy-report/Makefile
new file mode 100644
index 0000000..166e347
--- /dev/null
+++ b/policy-report/Makefile
@@ -0,0 +1,94 @@
+GO_CMD ?= go
+
+PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+CONTROLLER_TOOLS_VERSION           ?= v0.14.0
+CONTROLLER_GEN                     ?= $(LOCALBIN)/controller-gen
+GEN_CRD_API_REFERENCE_DOCS         ?= $(LOCALBIN)/crd-ref-docs
+GEN_CRD_API_REFERENCE_DOCS_VERSION ?= latest
+
+all: manifests generate generate-api-docs generate-client build fmt vet 
+
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./apis/reports.x-k8s.io/v1beta2" output:crd:artifacts:config=crd/reports.x-k8s.io/v1beta2
+
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./apis/..."
+
+.PHONY: generate-client
+generate-client:
+	./hack/update-codegen.sh
+
+
+# Run go build against code
+build:
+	go build ./...
+
+# Run go fmt against code
+fmt:
+	go fmt ./...
+
+# Run go vet against code
+vet:
+	go vet ./...
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
+	GOBIN=$(LOCALBIN) $(GO_CMD) install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+# Use same code-generator version as k8s.io/api
+CODEGEN_VERSION := v0.30.0-rc.2
+CODEGEN = $(shell pwd)/bin/code-generator
+CODEGEN_ROOT = $(shell $(GO_CMD) env GOMODCACHE)/k8s.io/code-generator@$(CODEGEN_VERSION)
+.PHONY: code-generator
+code-generator:
+	@GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install k8s.io/code-generator/cmd/client-gen@$(CODEGEN_VERSION)
+	cp -f $(CODEGEN_ROOT)/generate-groups.sh $(PROJECT_DIR)/bin/
+	cp -f $(CODEGEN_ROOT)/generate-internal-groups.sh $(PROJECT_DIR)/bin/
+	cp -f $(CODEGEN_ROOT)/kube_codegen.sh $(PROJECT_DIR)/bin/
+
+# generate-api-docs will create api docs
+generate-api-docs: $(GEN_CRD_API_REFERENCE_DOCS)
+	$(GEN_CRD_API_REFERENCE_DOCS) --source-path=./apis/reports.x-k8s.io/v1beta2 --config=./docs/config.yaml --renderer=markdown --output-path=./docs/api-docs.md
+
+$(GEN_CRD_API_REFERENCE_DOCS): $(LOCALBIN)
+	$(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/elastic/crd-ref-docs,$(GEN_CRD_API_REFERENCE_DOCS_VERSION))
+
+.PHONY: codegen-api-docs
+codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) $(GENREF) ## Generate API docs
+	@echo Generate api docs... >&2
+	$(GEN_CRD_API_REFERENCE_DOCS) -v=4 \
+		-api-dir pkg/api \
+		-config docs/config.json \
+		-template-dir docs/template \
+		-out-file docs/index.html
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary (ideally with version)
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
+}
+endef
diff --git a/policy-report/README.md b/policy-report/README.md
new file mode 100644
index 0000000..866293c
--- /dev/null
+++ b/policy-report/README.md
@@ -0,0 +1,84 @@
+# Report API
+
+The Report API enables uniform reporting of results and findings from policy engines, scanners, or other tooling.
+
+This repository contains the API specification and Custom Resource Definitions (CRDs).
+
+## Concepts
+
+The API provides a `ClusterReport` and its namespaced variant `Report`.
+
+Each `Report` contains a set of `results` and a `summary`. Each `result` contains attributes such as the source policy and rule name, severity, timestamp, and the resource.
+
+## Reference
+
+* [API Reference](./docs/api-docs.md)
+
+## Demonstration
+
+Typically the Report API is installed and managed by a [producer](#producers). However, to try out the API in a test cluster you can follow the steps below:
+
+1. Add Report API CRDs to your cluster (v1beta2):
+
+```sh
+kubectl create -f crd/reports.x-k8s.io/v1beta2/
+```
+2. Create a sample policy report resource:
+
+```sh
+kubectl create -f samples/sample-cis-k8s.yaml
+```
+3. View policy report resources:
+
+```sh
+kubectl get reports
+```
+
+## Implementations
+
+The following is a list of projects that produce or consume policy reports:
+
+*(To add your project, please create a [pull request](https://github.com/kubernetes-sigs/wg-policy-prototypes/pulls).)*
+
+### Producers
+
+* [Falco](https://github.com/falcosecurity/falcosidekick/blob/master/outputs/policyreport.go)
+* [Image Scanner](https://github.com/statnett/image-scanner-operator)
+* [jsPolicy](https://github.com/loft-sh/jspolicy/)
+* [Kyverno](https://kyverno.io/docs/policy-reports/)
+* [Netchecks](https://docs.netchecks.io/)
+* [Tracee Adapter](https://github.com/fjogeleit/tracee-polr-adapter)
+* [Trivy Operator](https://aquasecurity.github.io/trivy-operator/v0.15.1/tutorials/integrations/policy-reporter/)
+* [Kubewarden](https://docs.kubewarden.io/explanations/audit-scanner/policy-reports)
+
+### Consumers
+
+* [Fairwinds Insights](https://fairwinds.com/insights)
+* [Kyverno Policy Reporter](https://kyverno.github.io/policy-reporter/)
+* [Open Cluster Management](https://open-cluster-management.io/)
+
+## Building 
+
+```sh
+make all
+```
+
+## Community, discussion, contribution, and support
+
+You can reach the maintainers of this project at:
+
+- [Slack](https://kubernetes.slack.com/messages/wg-policy)
+- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-policy)
+- [WG Policy](https://github.com/kubernetes/community/blob/master/wg-policy/README.md)
+
+### Code of conduct
+
+Participation in the OpenReport community is governed by the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+[owners]: https://git.k8s.io/community/contributors/guide/owners.md
+[Creative Commons 4.0]: https://git.k8s.io/website/LICENSE
+
+# Historical References
+
+See the [Kubernetes policy working group](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master) and the [proposal](https://docs.google.com/document/d/1nICYLkYS1RE3gJzuHOfHeAC25QIkFZfgymFjgOzMDVw/edit#) for background and details.
+
diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go b/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go
new file mode 100644
index 0000000..faf9e4d
--- /dev/null
+++ b/policy-report/apis/reports.x-k8s.io/v1beta2/clusterpolicyreport_types.go
@@ -0,0 +1,88 @@
+/*
+Copyright 2024 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient:nonNamespaced
+// +kubebuilder:storageversion
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterreports,scope="Cluster",shortName=creps
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ClusterReport is the Schema for the clusterpolicyreports API
+type ClusterReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Source is an identifier for the source e.g. a policy engine that manages this report.
+	// Use this field if all the results are produced by a single policy engine.
+	// If the results are produced by multiple sources e.g. different engines or scanners,
+	// then use the Source field at the ReportResult level.
+	// +optional
+	Source string `json:"source"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// Configuration is an optional field which can be used to specify
+	// a contract between Report generators and consumers
+	// +optional
+	Configuration *ReportConfiguration `json:"configuration,omitempty"`
+
+	// ReportSummary provides a summary of results
+	// +optional
+	Summary ReportSummary `json:"summary,omitempty"`
+
+	// ReportResult provides result details
+	// +optional
+	Results []ReportResult `json:"results,omitempty"`
+}
+
+// ClusterReportList contains a list of ClusterReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type ClusterReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ClusterReport{}, &ClusterReportList{})
+}
diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/doc.go b/policy-report/apis/reports.x-k8s.io/v1beta2/doc.go
new file mode 100644
index 0000000..5dc8060
--- /dev/null
+++ b/policy-report/apis/reports.x-k8s.io/v1beta2/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2024 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +k8s:openapi-gen=true
+// +groupName=reports.x-k8s.io
+package v1beta2
diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go b/policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go
new file mode 100644
index 0000000..cc11bd0
--- /dev/null
+++ b/policy-report/apis/reports.x-k8s.io/v1beta2/groupversion_info.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2024 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
+// +kubebuilder:object:generate=true
+// +groupName=reports.x-k8s.io
+package v1beta2
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
+// +kubebuilder:object:generate=true
+// +groupName=reports.x-k8s.io
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion = schema.GroupVersion{Group: "reports.x-k8s.io", Version: "v1beta2"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go b/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go
new file mode 100644
index 0000000..8d8020a
--- /dev/null
+++ b/policy-report/apis/reports.x-k8s.io/v1beta2/policyreport_types.go
@@ -0,0 +1,197 @@
+/*
+Copyright 2024 The Kubernetes authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// StatusFilter is used by Report generators to write only those reports whose status is specified by the filters
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type StatusFilter string
+
+type Limits struct {
+	// MaxResults is the maximum number of results contained in the report
+	// +optional
+	MaxResults int `json:"maxResults"`
+
+	// StatusFilter indicates that the Report contains only those reports with statuses specified in this list
+	// +optional
+	StatusFilter []StatusFilter `json:"statusFilter,omitempty"`
+}
+
+type ReportConfiguration struct {
+	Limits Limits `json:"limits"`
+}
+
+// ReportSummary provides a status count summary
+type ReportSummary struct {
+
+	// Pass provides the count of policies whose requirements were met
+	// +optional
+	Pass int `json:"pass"`
+
+	// Fail provides the count of policies whose requirements were not met
+	// +optional
+	Fail int `json:"fail"`
+
+	// Warn provides the count of non-scored policies whose requirements were not met
+	// +optional
+	Warn int `json:"warn"`
+
+	// Error provides the count of policies that could not be evaluated
+	// +optional
+	Error int `json:"error"`
+
+	// Skip indicates the count of policies that were not selected for evaluation
+	// +optional
+	Skip int `json:"skip"`
+}
+
+// Result has one of the following values:
+//   - pass: the policy requirements are met
+//   - fail: the policy requirements are not met
+//   - warn: the policy requirements are not met and the policy is not scored
+//   - error: the policy could not be evaluated
+//   - skip: the policy was not selected based on user inputs or applicability
+//
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type Result string
+
+// ResultSeverity has one of the following values:
+//   - critical
+//   - high
+//   - low
+//   - medium
+//   - info
+//
+// +kubebuilder:validation:Enum=critical;high;low;medium;info
+type ResultSeverity string
+
+// ReportResult provides the result for an individual policy
+type ReportResult struct {
+
+	// Source is an identifier for the policy engine that manages this report
+	// If the Source is specified at this level, it will override the Source
+	// field set at the Report level
+	// +optional
+	Source string `json:"source"`
+
+	// Policy is the name or identifier of the policy
+	Policy string `json:"policy"`
+
+	// Rule is the name or identifier of the rule within the policy
+	// +optional
+	Rule string `json:"rule,omitempty"`
+
+	// Category indicates policy category
+	// +optional
+	Category string `json:"category,omitempty"`
+
+	// Severity indicates policy check result criticality
+	// +optional
+	Severity ResultSeverity `json:"severity,omitempty"`
+
+	// Timestamp indicates the time the result was found
+	Timestamp metav1.Timestamp `json:"timestamp,omitempty"`
+
+	// Result indicates the outcome of the policy rule execution
+	Result Result `json:"result,omitempty"`
+
+	// Scored indicates if this result is scored
+	Scored bool `json:"scored,omitempty"`
+
+	// Subjects is an optional reference to the checked Kubernetes resources
+	// +optional
+	Subjects []corev1.ObjectReference `json:"resources,omitempty"`
+
+	// ResourceSelector is an optional label selector for checked Kubernetes resources.
+	// For example, a policy result may apply to all pods that match a label.
+	// Either a Subject or a ResourceSelector can be specified. If neither are provided, the
+	// result is assumed to be for the policy report scope.
+	// +optional
+	ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
+
+	// Description is a short user friendly message for the policy rule
+	Description string `json:"message,omitempty"`
+
+	// Properties provides additional information for the policy rule
+	Properties map[string]string `json:"properties,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:resource:shortName=reps
+
+// Report is the Schema for the reports API
+type Report struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Source is an identifier for the source e.g. a policy engine that manages this report.
+	// Use this field if all the results are produced by a single policy engine.
+	// If the results are produced by multiple sources e.g. different engines or scanners,
+	// then use the Source field at the ReportResult level.
+	// +optional
+	Source string `json:"source"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// Configuration is an optional field which can be used to specify
+	// a contract between Report generators and consumers
+	// +optional
+	Configuration *ReportConfiguration `json:"configuration,omitempty"`
+
+	// ReportSummary provides a summary of results
+	// +optional
+	Summary ReportSummary `json:"summary,omitempty"`
+
+	// ReportResult provides result details
+	// +optional
+	Results []ReportResult `json:"results,omitempty"`
+}
+
+// ReportList contains a list of Report
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type ReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Report `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Report{}, &ReportList{})
+}
diff --git a/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go b/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go
new file mode 100644
index 0000000..176847c
--- /dev/null
+++ b/policy-report/apis/reports.x-k8s.io/v1beta2/zz_generated.deepcopy.go
@@ -0,0 +1,279 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterReport) DeepCopyInto(out *ClusterReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Configuration != nil {
+		in, out := &in.Configuration, &out.Configuration
+		*out = new(ReportConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]ReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReport.
+func (in *ClusterReport) DeepCopy() *ClusterReport {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterReportList) DeepCopyInto(out *ClusterReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportList.
+func (in *ClusterReportList) DeepCopy() *ClusterReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Limits) DeepCopyInto(out *Limits) {
+	*out = *in
+	if in.StatusFilter != nil {
+		in, out := &in.StatusFilter, &out.StatusFilter
+		*out = make([]StatusFilter, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits.
+func (in *Limits) DeepCopy() *Limits {
+	if in == nil {
+		return nil
+	}
+	out := new(Limits)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Report) DeepCopyInto(out *Report) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Configuration != nil {
+		in, out := &in.Configuration, &out.Configuration
+		*out = new(ReportConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]ReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Report.
+func (in *Report) DeepCopy() *Report {
+	if in == nil {
+		return nil
+	}
+	out := new(Report)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Report) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReportConfiguration) DeepCopyInto(out *ReportConfiguration) {
+	*out = *in
+	in.Limits.DeepCopyInto(&out.Limits)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportConfiguration.
+func (in *ReportConfiguration) DeepCopy() *ReportConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ReportConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReportList) DeepCopyInto(out *ReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Report, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportList.
+func (in *ReportList) DeepCopy() *ReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReportResult) DeepCopyInto(out *ReportResult) {
+	*out = *in
+	out.Timestamp = in.Timestamp
+	if in.Subjects != nil {
+		in, out := &in.Subjects, &out.Subjects
+		*out = make([]v1.ObjectReference, len(*in))
+		copy(*out, *in)
+	}
+	if in.ResourceSelector != nil {
+		in, out := &in.ResourceSelector, &out.ResourceSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportResult.
+func (in *ReportResult) DeepCopy() *ReportResult {
+	if in == nil {
+		return nil
+	}
+	out := new(ReportResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ReportSummary) DeepCopyInto(out *ReportSummary) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportSummary.
+func (in *ReportSummary) DeepCopy() *ReportSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(ReportSummary)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go
new file mode 100755
index 0000000..1be0ebd
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/clusterpolicyreport_types.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ClusterPolicyReport is the Schema for the clusterpolicyreports API
+type ClusterPolicyReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []PolicyReportResult `json:"results,omitempty"`
+}
+
+// ClusterPolicyReportList contains a list of ClusterPolicyReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type ClusterPolicyReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterPolicyReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{})
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go
new file mode 100755
index 0000000..f147d5e
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +k8s:openapi-gen=true
+// +groupName=wgpolicyk8s.io
+package v1alpha1
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go
new file mode 100755
index 0000000..2573e89
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/groupversion_info.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=wgpolicyk8s.io
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=wgpolicyk8s.io
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go
new file mode 100755
index 0000000..ad4a379
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/policyreport_types.go
@@ -0,0 +1,171 @@
+/*
+Copyright 2020 The Kubernetes authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// Status specifies state of a policy result
+const (
+	StatusPass  = "pass"
+	StatusFail  = "fail"
+	StatusWarn  = "warn"
+	StatusError = "error"
+	StatusSkip  = "skip"
+)
+
+// Severity specifies priority of a policy result
+const (
+	SeverityHigh   = "high"
+	SeverityMedium = "medium"
+	SeverityLow    = "low"
+)
+
+// PolicyReportSummary provides a status count summary
+type PolicyReportSummary struct {
+
+	// Pass provides the count of policies whose requirements were met
+	// +optional
+	Pass int `json:"pass"`
+
+	// Fail provides the count of policies whose requirements were not met
+	// +optional
+	Fail int `json:"fail"`
+
+	// Warn provides the count of unscored policies whose requirements were not met
+	// +optional
+	Warn int `json:"warn"`
+
+	// Error provides the count of policies that could not be evaluated
+	// +optional
+	Error int `json:"error"`
+
+	// Skip indicates the count of policies that were not selected for evaluation
+	// +optional
+	Skip int `json:"skip"`
+}
+
+// PolicyStatus has one of the following values:
+//   - pass: indicates that the policy requirements are met
+//   - fail: indicates that the policy requirements are not met
+//   - warn: indicates that the policy requirements and not met, and the policy is not scored
+//   - error: indicates that the policy could not be evaluated
+//   - skip: indicates that the policy was not selected based on user inputs or applicability
+//
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type PolicyStatus string
+
+// PolicySeverity has one of the following values:
+//   - high
+//   - low
+//   - medium
+//
+// +kubebuilder:validation:Enum=high;low;medium
+type PolicySeverity string
+
+// PolicyReportResult provides the result for an individual policy
+type PolicyReportResult struct {
+
+	// Policy is the name of the policy
+	Policy string `json:"policy"`
+
+	// Rule is the name of the policy rule
+	// +optional
+	Rule string `json:"rule,omitempty"`
+
+	// Resources is an optional reference to the resource checked by the policy and rule
+	// +optional
+	Resources []corev1.ObjectReference `json:"resources,omitempty"`
+
+	// ResourceSelector is an optional selector for policy results that apply to multiple resources.
+	// For example, a policy result may apply to all pods that match a label.
+	// Either a Resource or a ResourceSelector can be specified. If neither are provided, the
+	// result is assumed to be for the policy report scope.
+	// +optional
+	ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
+
+	// Message is a short user friendly description of the policy rule
+	Message string `json:"message,omitempty"`
+
+	// Status indicates the result of the policy rule check
+	Status PolicyStatus `json:"status,omitempty"`
+
+	// Scored indicates if this policy rule is scored
+	Scored bool `json:"scored,omitempty"`
+
+	// Data provides additional information for the policy rule
+	Data map[string]string `json:"data,omitempty"`
+
+	// Category indicates policy category
+	// +optional
+	Category string `json:"category,omitempty"`
+
+	// Severity indicates policy severity
+	// +optional
+	Severity PolicySeverity `json:"severity,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:resource:shortName=polr
+
+// PolicyReport is the Schema for the policyreports API
+type PolicyReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []PolicyReportResult `json:"results,omitempty"`
+}
+
+// PolicyReportList contains a list of PolicyReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type PolicyReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PolicyReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{})
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go b/policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 0000000..76afefd
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,230 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
+func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterPolicyReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterPolicyReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
+func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterPolicyReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReport) DeepCopyInto(out *PolicyReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
+func (in *PolicyReport) DeepCopy() *PolicyReport {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]PolicyReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
+func (in *PolicyReportList) DeepCopy() *PolicyReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) {
+	*out = *in
+	if in.Resources != nil {
+		in, out := &in.Resources, &out.Resources
+		*out = make([]v1.ObjectReference, len(*in))
+		copy(*out, *in)
+	}
+	if in.ResourceSelector != nil {
+		in, out := &in.ResourceSelector, &out.ResourceSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Data != nil {
+		in, out := &in.Data, &out.Data
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
+func (in *PolicyReportResult) DeepCopy() *PolicyReportResult {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
+func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportSummary)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go
new file mode 100644
index 0000000..0e873b3
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/clusterpolicyreport_types.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ClusterPolicyReport is the Schema for the clusterpolicyreports API
+type ClusterPolicyReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []PolicyReportResult `json:"results,omitempty"`
+}
+
+// ClusterPolicyReportList contains a list of ClusterPolicyReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type ClusterPolicyReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterPolicyReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{})
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go
new file mode 100644
index 0000000..7407d3d
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +k8s:openapi-gen=true
+// +groupName=wgpolicyk8s.io
+package v1alpha2
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go
new file mode 100644
index 0000000..463433e
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/groupversion_info.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
+// +kubebuilder:object:generate=true
+// +groupName=wgpolicyk8s.io
+package v1alpha2
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group
+// +kubebuilder:object:generate=true
+// +groupName=wgpolicyk8s.io
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1alpha2"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go
new file mode 100644
index 0000000..28a5ca2
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/policyreport_types.go
@@ -0,0 +1,164 @@
+/*
+Copyright 2020 The Kubernetes authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// PolicyReportSummary provides a status count summary
+type PolicyReportSummary struct {
+
+	// Pass provides the count of policies whose requirements were met
+	// +optional
+	Pass int `json:"pass"`
+
+	// Fail provides the count of policies whose requirements were not met
+	// +optional
+	Fail int `json:"fail"`
+
+	// Warn provides the count of non-scored policies whose requirements were not met
+	// +optional
+	Warn int `json:"warn"`
+
+	// Error provides the count of policies that could not be evaluated
+	// +optional
+	Error int `json:"error"`
+
+	// Skip indicates the count of policies that were not selected for evaluation
+	// +optional
+	Skip int `json:"skip"`
+}
+
+// PolicyResult has one of the following values:
+//   - pass: the policy requirements are met
+//   - fail: the policy requirements are not met
+//   - warn: the policy requirements are not met and the policy is not scored
+//   - error: the policy could not be evaluated
+//   - skip: the policy was not selected based on user inputs or applicability
+//
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type PolicyResult string
+
+// PolicyResultSeverity has one of the following values:
+//   - critical
+//   - high
+//   - low
+//   - medium
+//   - info
+//
+// +kubebuilder:validation:Enum=critical;high;low;medium;info
+type PolicyResultSeverity string
+
+// PolicyReportResult provides the result for an individual policy
+type PolicyReportResult struct {
+
+	// Source is an identifier for the policy engine that manages this report
+	// +optional
+	Source string `json:"source"`
+
+	// Policy is the name or identifier of the policy
+	Policy string `json:"policy"`
+
+	// Rule is the name or identifier of the rule within the policy
+	// +optional
+	Rule string `json:"rule,omitempty"`
+
+	// Category indicates policy category
+	// +optional
+	Category string `json:"category,omitempty"`
+
+	// Severity indicates policy check result criticality
+	// +optional
+	Severity PolicyResultSeverity `json:"severity,omitempty"`
+
+	// Timestamp indicates the time the result was found
+	Timestamp metav1.Timestamp `json:"timestamp,omitempty"`
+
+	// Result indicates the outcome of the policy rule execution
+	Result PolicyResult `json:"result,omitempty"`
+
+	// Scored indicates if this result is scored
+	Scored bool `json:"scored,omitempty"`
+
+	// Subjects is an optional reference to the checked Kubernetes resources
+	// +optional
+	Subjects []corev1.ObjectReference `json:"resources,omitempty"`
+
+	// SubjectSelector is an optional label selector for checked Kubernetes resources.
+	// For example, a policy result may apply to all pods that match a label.
+	// Either a Subject or a SubjectSelector can be specified. If neither are provided, the
+	// result is assumed to be for the policy report scope.
+	// +optional
+	SubjectSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
+
+	// Description is a short user friendly message for the policy rule
+	Description string `json:"message,omitempty"`
+
+	// Properties provides additional information for the policy rule
+	Properties map[string]string `json:"properties,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:resource:shortName=polr
+
+// PolicyReport is the Schema for the policyreports API
+type PolicyReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []PolicyReportResult `json:"results,omitempty"`
+}
+
+// PolicyReportList contains a list of PolicyReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type PolicyReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PolicyReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{})
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go b/policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go
new file mode 100644
index 0000000..d5f6028
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1alpha2/zz_generated.deepcopy.go
@@ -0,0 +1,231 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
+func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterPolicyReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterPolicyReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
+func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterPolicyReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReport) DeepCopyInto(out *PolicyReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
+func (in *PolicyReport) DeepCopy() *PolicyReport {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]PolicyReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
+func (in *PolicyReportList) DeepCopy() *PolicyReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) {
+	*out = *in
+	out.Timestamp = in.Timestamp
+	if in.Subjects != nil {
+		in, out := &in.Subjects, &out.Subjects
+		*out = make([]v1.ObjectReference, len(*in))
+		copy(*out, *in)
+	}
+	if in.SubjectSelector != nil {
+		in, out := &in.SubjectSelector, &out.SubjectSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
+func (in *PolicyReportResult) DeepCopy() *PolicyReportResult {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
+func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportSummary)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go
new file mode 100644
index 0000000..2be56c5
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/clusterpolicyreport_types.go
@@ -0,0 +1,88 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient:nonNamespaced
+// +kubebuilder:storageversion
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterpolicyreports,scope="Cluster",shortName=cpolr
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// ClusterPolicyReport is the Schema for the clusterpolicyreports API
+type ClusterPolicyReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Source is an identifier for the source e.g. a policy engine that manages this report.
+	// Use this field if all the results are produced by a single policy engine.
+	// If the results are produced by multiple sources e.g. different engines or scanners,
+	// then use the Source field at the PolicyReportResult level.
+	// +optional
+	Source string `json:"source"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// Configuration is an optional field which can be used to specify
+	// a contract between PolicyReport generators and consumers
+	// +optional
+	Configuration *PolicyReportConfiguration `json:"configuration,omitempty"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []PolicyReportResult `json:"results,omitempty"`
+}
+
+// ClusterPolicyReportList contains a list of ClusterPolicyReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type ClusterPolicyReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterPolicyReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ClusterPolicyReport{}, &ClusterPolicyReportList{})
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go
new file mode 100644
index 0000000..af7c0f9
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2022 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the policy v1beta1 API group
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +k8s:openapi-gen=true
+// +groupName=wgpolicyk8s.io
+package v1beta1
diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go
new file mode 100644
index 0000000..89a2697
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/groupversion_info.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the policy v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=wgpolicyk8s.io
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package v1beta1 contains API Schema definitions for the policy v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=wgpolicyk8s.io
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion = schema.GroupVersion{Group: "wgpolicyk8s.io", Version: "v1beta1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go
new file mode 100644
index 0000000..bfadc60
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/policyreport_types.go
@@ -0,0 +1,197 @@
+/*
+Copyright 2020 The Kubernetes authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// StatusFilter is used by PolicyReport generators to write only those reports whose status is specified by the filters
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type StatusFilter string
+
+type Limits struct {
+	// MaxResults is the maximum number of results contained in the report
+	// +optional
+	MaxResults int `json:"maxResults"`
+
+	// StatusFilter indicates that the PolicyReport contains only those reports with statuses specified in this list
+	// +optional
+	StatusFilter []StatusFilter `json:"statusFilter,omitempty"`
+}
+
+type PolicyReportConfiguration struct {
+	Limits Limits `json:"limits"`
+}
+
+// PolicyReportSummary provides a status count summary
+type PolicyReportSummary struct {
+
+	// Pass provides the count of policies whose requirements were met
+	// +optional
+	Pass int `json:"pass"`
+
+	// Fail provides the count of policies whose requirements were not met
+	// +optional
+	Fail int `json:"fail"`
+
+	// Warn provides the count of non-scored policies whose requirements were not met
+	// +optional
+	Warn int `json:"warn"`
+
+	// Error provides the count of policies that could not be evaluated
+	// +optional
+	Error int `json:"error"`
+
+	// Skip indicates the count of policies that were not selected for evaluation
+	// +optional
+	Skip int `json:"skip"`
+}
+
+// PolicyResult has one of the following values:
+//   - pass: the policy requirements are met
+//   - fail: the policy requirements are not met
+//   - warn: the policy requirements are not met and the policy is not scored
+//   - error: the policy could not be evaluated
+//   - skip: the policy was not selected based on user inputs or applicability
+//
+// +kubebuilder:validation:Enum=pass;fail;warn;error;skip
+type PolicyResult string
+
+// PolicyResultSeverity has one of the following values:
+//   - critical
+//   - high
+//   - low
+//   - medium
+//   - info
+//
+// +kubebuilder:validation:Enum=critical;high;low;medium;info
+type PolicyResultSeverity string
+
+// PolicyReportResult provides the result for an individual policy
+type PolicyReportResult struct {
+
+	// Source is an identifier for the policy engine that manages this report
+	// If the Source is specified at this level, it will override the Source
+	// field set at the PolicyReport level
+	// +optional
+	Source string `json:"source"`
+
+	// Policy is the name or identifier of the policy
+	Policy string `json:"policy"`
+
+	// Rule is the name or identifier of the rule within the policy
+	// +optional
+	Rule string `json:"rule,omitempty"`
+
+	// Category indicates policy category
+	// +optional
+	Category string `json:"category,omitempty"`
+
+	// Severity indicates policy check result criticality
+	// +optional
+	Severity PolicyResultSeverity `json:"severity,omitempty"`
+
+	// Timestamp indicates the time the result was found
+	Timestamp metav1.Timestamp `json:"timestamp,omitempty"`
+
+	// Result indicates the outcome of the policy rule execution
+	Result PolicyResult `json:"result,omitempty"`
+
+	// Scored indicates if this result is scored
+	Scored bool `json:"scored,omitempty"`
+
+	// Subjects is an optional reference to the checked Kubernetes resources
+	// +optional
+	Subjects []corev1.ObjectReference `json:"resources,omitempty"`
+
+	// ResourceSelector is an optional label selector for checked Kubernetes resources.
+	// For example, a policy result may apply to all pods that match a label.
+	// Either a Subject or a ResourceSelector can be specified. If neither are provided, the
+	// result is assumed to be for the policy report scope.
+	// +optional
+	ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"`
+
+	// Description is a short user friendly message for the policy rule
+	Description string `json:"message,omitempty"`
+
+	// Properties provides additional information for the policy rule
+	Properties map[string]string `json:"properties,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
+// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:resource:shortName=polr
+
+// PolicyReport is the Schema for the policyreports API
+type PolicyReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Source is an identifier for the source e.g. a policy engine that manages this report.
+	// Use this field if all the results are produced by a single policy engine.
+	// If the results are produced by multiple sources e.g. different engines or scanners,
+	// then use the Source field at the PolicyReportResult level.
+	// +optional
+	Source string `json:"source"`
+
+	// Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
+	// +optional
+	Scope *corev1.ObjectReference `json:"scope,omitempty"`
+
+	// ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+	// Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+	// +optional
+	ScopeSelector *metav1.LabelSelector `json:"scopeSelector,omitempty"`
+
+	// Configuration is an optional field which can be used to specify
+	// a contract between PolicyReport generators and consumers
+	// +optional
+	Configuration *PolicyReportConfiguration `json:"configuration,omitempty"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []PolicyReportResult `json:"results,omitempty"`
+}
+
+// PolicyReportList contains a list of PolicyReport
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type PolicyReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PolicyReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PolicyReport{}, &PolicyReportList{})
+}
diff --git a/policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go b/policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go
new file mode 100644
index 0000000..ca2a78a
--- /dev/null
+++ b/policy-report/apis/wgpolicyk8s.io/v1beta1/zz_generated.deepcopy.go
@@ -0,0 +1,279 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Configuration != nil {
+		in, out := &in.Configuration, &out.Configuration
+		*out = new(PolicyReportConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
+func (in *ClusterPolicyReport) DeepCopy() *ClusterPolicyReport {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterPolicyReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterPolicyReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
+func (in *ClusterPolicyReportList) DeepCopy() *ClusterPolicyReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterPolicyReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterPolicyReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Limits) DeepCopyInto(out *Limits) {
+	*out = *in
+	if in.StatusFilter != nil {
+		in, out := &in.StatusFilter, &out.StatusFilter
+		*out = make([]StatusFilter, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limits.
+func (in *Limits) DeepCopy() *Limits {
+	if in == nil {
+		return nil
+	}
+	out := new(Limits)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReport) DeepCopyInto(out *PolicyReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	if in.Scope != nil {
+		in, out := &in.Scope, &out.Scope
+		*out = new(v1.ObjectReference)
+		**out = **in
+	}
+	if in.ScopeSelector != nil {
+		in, out := &in.ScopeSelector, &out.ScopeSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Configuration != nil {
+		in, out := &in.Configuration, &out.Configuration
+		*out = new(PolicyReportConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
+func (in *PolicyReport) DeepCopy() *PolicyReport {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportConfiguration) DeepCopyInto(out *PolicyReportConfiguration) {
+	*out = *in
+	in.Limits.DeepCopyInto(&out.Limits)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportConfiguration.
+func (in *PolicyReportConfiguration) DeepCopy() *PolicyReportConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]PolicyReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
+func (in *PolicyReportList) DeepCopy() *PolicyReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PolicyReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) {
+	*out = *in
+	out.Timestamp = in.Timestamp
+	if in.Subjects != nil {
+		in, out := &in.Subjects, &out.Subjects
+		*out = make([]v1.ObjectReference, len(*in))
+		copy(*out, *in)
+	}
+	if in.ResourceSelector != nil {
+		in, out := &in.ResourceSelector, &out.ResourceSelector
+		*out = new(metav1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Properties != nil {
+		in, out := &in.Properties, &out.Properties
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
+func (in *PolicyReportResult) DeepCopy() *PolicyReportResult {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
+func (in *PolicyReportSummary) DeepCopy() *PolicyReportSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyReportSummary)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterreports.yaml b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterreports.yaml
new file mode 100644
index 0000000..e291349
--- /dev/null
+++ b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_clusterreports.yaml
@@ -0,0 +1,417 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: clusterreports.reports.x-k8s.io
+spec:
+  group: reports.x-k8s.io
+  names:
+    kind: ClusterReport
+    listKind: ClusterReportList
+    plural: clusterreports
+    shortNames:
+    - creps
+    singular: clusterreport
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: ClusterReport is the Schema for the clusterpolicyreports API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          configuration:
+            description: |-
+              Configuration is an optional field which can be used to specify
+              a contract between Report generators and consumers
+            properties:
+              limits:
+                properties:
+                  maxResults:
+                    description: MaxResults is the maximum number of results contained
+                      in the report
+                    type: integer
+                  statusFilter:
+                    description: StatusFilter indicates that the Report contains only
+                      those reports with statuses specified in this list
+                    items:
+                      description: StatusFilter is used by Report generators to write
+                        only those reports whose status is specified by the filters
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    type: array
+                type: object
+            required:
+            - limits
+            type: object
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          results:
+            description: ReportResult provides result details
+            items:
+              description: ReportResult provides the result for an individual policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: |-
+                    ResourceSelector is an optional label selector for checked Kubernetes resources.
+                    For example, a policy result may apply to all pods that match a label.
+                    Either a Subject or a ResourceSelector can be specified. If neither are provided, the
+                    result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                            type: string
+                          values:
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                      x-kubernetes-list-type: atomic
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      type: object
+                  type: object
+                  x-kubernetes-map-type: atomic
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: |-
+                      ObjectReference contains enough information to let you inspect or modify the referred object.
+                      ---
+                      New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
+                       1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
+                       2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
+                          restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
+                          Those cannot be well described when embedded.
+                       3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
+                       4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
+                          during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
+                          and the version of the actual struct is irrelevant.
+                       5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
+                          will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
+
+
+                      Instead of using this type, create a locally provided and used type that is well-focused on your reference.
+                      For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: |-
+                          If referring to a piece of an object instead of an entire object, this string
+                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within a pod, this would take on a value like:
+                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]" (container with
+                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                          referencing a part of an object.
+                          TODO: this design is not final and this field is subject to change in the future.
+                        type: string
+                      kind:
+                        description: |-
+                          Kind of the referent.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                        type: string
+                      name:
+                        description: |-
+                          Name of the referent.
+                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        type: string
+                      namespace:
+                        description: |-
+                          Namespace of the referent.
+                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                        type: string
+                      resourceVersion:
+                        description: |-
+                          Specific resourceVersion to which this reference is made, if any.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                        type: string
+                      uid:
+                        description: |-
+                          UID of the referent.
+                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: |-
+                    Source is an identifier for the policy engine that manages this report
+                    If the Source is specified at this level, it will override the Source
+                    field set at the Report level
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: |-
+                        Non-negative fractions of a second at nanosecond resolution. Negative
+                        second values with fractions must still have non-negative nanos values
+                        that count forward in time. Must be from 0 to 999,999,999
+                        inclusive. This field may be limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: |-
+                        Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: |-
+                  If referring to a piece of an object instead of an entire object, this string
+                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                  For example, if the object reference is to a container within a pod, this would take on a value like:
+                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                  the event) or if no container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                  referencing a part of an object.
+                  TODO: this design is not final and this field is subject to change in the future.
+                type: string
+              kind:
+                description: |-
+                  Kind of the referent.
+                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                type: string
+              name:
+                description: |-
+                  Name of the referent.
+                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                type: string
+              namespace:
+                description: |-
+                  Namespace of the referent.
+                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                type: string
+              resourceVersion:
+                description: |-
+                  Specific resourceVersion to which this reference is made, if any.
+                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                type: string
+              uid:
+                description: |-
+                  UID of the referent.
+                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                type: string
+            type: object
+            x-kubernetes-map-type: atomic
+          scopeSelector:
+            description: |-
+              ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+              Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: |-
+                    A label selector requirement is a selector that contains values, a key, and an operator that
+                    relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: |-
+                        operator represents a key's relationship to a set of values.
+                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: |-
+                        values is an array of string values. If the operator is In or NotIn,
+                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                        the values array must be empty. This array is replaced during a strategic
+                        merge patch.
+                      items:
+                        type: string
+                      type: array
+                      x-kubernetes-list-type: atomic
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: |-
+                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+            x-kubernetes-map-type: atomic
+          source:
+            description: |-
+              Source is an identifier for the source e.g. a policy engine that manages this report.
+              Use this field if all the results are produced by a single policy engine.
+              If the results are produced by multiple sources e.g. different engines or scanners,
+              then use the Source field at the ReportResult level.
+            type: string
+          summary:
+            description: ReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
diff --git a/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_reports.yaml b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_reports.yaml
new file mode 100644
index 0000000..9c58145
--- /dev/null
+++ b/policy-report/crd/reports.x-k8s.io/v1beta2/reports.x-k8s.io_reports.yaml
@@ -0,0 +1,417 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  name: reports.reports.x-k8s.io
+spec:
+  group: reports.x-k8s.io
+  names:
+    kind: Report
+    listKind: ReportList
+    plural: reports
+    shortNames:
+    - reps
+    singular: report
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: Report is the Schema for the reports API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          configuration:
+            description: |-
+              Configuration is an optional field which can be used to specify
+              a contract between Report generators and consumers
+            properties:
+              limits:
+                properties:
+                  maxResults:
+                    description: MaxResults is the maximum number of results contained
+                      in the report
+                    type: integer
+                  statusFilter:
+                    description: StatusFilter indicates that the Report contains only
+                      those reports with statuses specified in this list
+                    items:
+                      description: StatusFilter is used by Report generators to write
+                        only those reports whose status is specified by the filters
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    type: array
+                type: object
+            required:
+            - limits
+            type: object
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          results:
+            description: ReportResult provides result details
+            items:
+              description: ReportResult provides the result for an individual policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: |-
+                    ResourceSelector is an optional label selector for checked Kubernetes resources.
+                    For example, a policy result may apply to all pods that match a label.
+                    Either a Subject or a ResourceSelector can be specified. If neither are provided, the
+                    result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: |-
+                          A label selector requirement is a selector that contains values, a key, and an operator that
+                          relates the key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: |-
+                              operator represents a key's relationship to a set of values.
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                            type: string
+                          values:
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                      x-kubernetes-list-type: atomic
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                      type: object
+                  type: object
+                  x-kubernetes-map-type: atomic
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: |-
+                      ObjectReference contains enough information to let you inspect or modify the referred object.
+                      ---
+                      New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
+                       1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
+                       2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
+                          restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
+                          Those cannot be well described when embedded.
+                       3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
+                       4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
+                          during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
+                          and the version of the actual struct is irrelevant.
+                       5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
+                          will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
+
+
+                      Instead of using this type, create a locally provided and used type that is well-focused on your reference.
+                      For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: |-
+                          If referring to a piece of an object instead of an entire object, this string
+                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within a pod, this would take on a value like:
+                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]" (container with
+                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                          referencing a part of an object.
+                          TODO: this design is not final and this field is subject to change in the future.
+                        type: string
+                      kind:
+                        description: |-
+                          Kind of the referent.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                        type: string
+                      name:
+                        description: |-
+                          Name of the referent.
+                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        type: string
+                      namespace:
+                        description: |-
+                          Namespace of the referent.
+                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                        type: string
+                      resourceVersion:
+                        description: |-
+                          Specific resourceVersion to which this reference is made, if any.
+                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                        type: string
+                      uid:
+                        description: |-
+                          UID of the referent.
+                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: |-
+                    Source is an identifier for the policy engine that manages this report
+                    If the Source is specified at this level, it will override the Source
+                    field set at the Report level
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: |-
+                        Non-negative fractions of a second at nanosecond resolution. Negative
+                        second values with fractions must still have non-negative nanos values
+                        that count forward in time. Must be from 0 to 999,999,999
+                        inclusive. This field may be limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: |-
+                        Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: |-
+                  If referring to a piece of an object instead of an entire object, this string
+                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                  For example, if the object reference is to a container within a pod, this would take on a value like:
+                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                  the event) or if no container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                  referencing a part of an object.
+                  TODO: this design is not final and this field is subject to change in the future.
+                type: string
+              kind:
+                description: |-
+                  Kind of the referent.
+                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                type: string
+              name:
+                description: |-
+                  Name of the referent.
+                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                type: string
+              namespace:
+                description: |-
+                  Namespace of the referent.
+                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                type: string
+              resourceVersion:
+                description: |-
+                  Specific resourceVersion to which this reference is made, if any.
+                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                type: string
+              uid:
+                description: |-
+                  UID of the referent.
+                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                type: string
+            type: object
+            x-kubernetes-map-type: atomic
+          scopeSelector:
+            description: |-
+              ScopeSelector is an optional selector for multiple scopes (e.g. Pods).
+              Either one of, or none of, but not both of, Scope or ScopeSelector should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: |-
+                    A label selector requirement is a selector that contains values, a key, and an operator that
+                    relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: |-
+                        operator represents a key's relationship to a set of values.
+                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: |-
+                        values is an array of string values. If the operator is In or NotIn,
+                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                        the values array must be empty. This array is replaced during a strategic
+                        merge patch.
+                      items:
+                        type: string
+                      type: array
+                      x-kubernetes-list-type: atomic
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+                x-kubernetes-list-type: atomic
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: |-
+                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+            x-kubernetes-map-type: atomic
+          source:
+            description: |-
+              Source is an identifier for the source e.g. a policy engine that manages this report.
+              Use this field if all the results are produced by a single policy engine.
+              If the results are produced by multiple sources e.g. different engines or scanners,
+              then use the Source field at the ReportResult level.
+            type: string
+          summary:
+            description: ReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml
new file mode 100644
index 0000000..a662d76
--- /dev/null
+++ b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_clusterpolicyreports.yaml
@@ -0,0 +1,338 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: clusterpolicyreports.wgpolicyk8s.io
+spec:
+  group: wgpolicyk8s.io
+  names:
+    kind: ClusterPolicyReport
+    listKind: ClusterPolicyReportList
+    plural: clusterpolicyreports
+    shortNames:
+    - cpolr
+    singular: clusterpolicyreport
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                data:
+                  additionalProperties:
+                    type: string
+                  description: Data provides additional information for the policy
+                    rule
+                  type: object
+                message:
+                  description: Message is a short user friendly description of the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name of the policy
+                  type: string
+                resourceSelector:
+                  description: ResourceSelector is an optional selector for policy
+                    results that apply to multiple resources. For example, a policy
+                    result may apply to all pods that match a label. Either a Resource
+                    or a ResourceSelector can be specified. If neither are provided,
+                    the result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Resources is an optional reference to the resource
+                    checked by the policy and rule
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage.  2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular     restrictions
+                      like, "must refer only to types A and B" or "UID not honored"
+                      or "name must be restricted".     Those cannot be well described
+                      when embedded.  3. Inconsistent validation.  Because the usages
+                      are different, the validation rules are different by usage,
+                      which makes it hard for users to predict what will happen.  4.
+                      The fields are both imprecise and overly precise.  Kind is not
+                      a precise mapping to a URL. This can produce ambiguity     during
+                      interpretation and require a REST mapping.  In most cases, the
+                      dependency is on the group,resource tuple     and the version
+                      of the actual struct is irrelevant.  5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type     will affect numerous schemas.  Don''t make
+                      new APIs embed an underspecified API type they do not control.
+                      Instead of using this type, create a locally provided and used
+                      type that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                rule:
+                  description: Rule is the name of the policy rule
+                  type: string
+                scored:
+                  description: Scored indicates if this policy rule is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy severity
+                  enum:
+                  - high
+                  - low
+                  - medium
+                  type: string
+                status:
+                  description: Status indicates the result of the policy rule check
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of unscored policies whose requirements
+                  were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml
new file mode 100644
index 0000000..a14def9
--- /dev/null
+++ b/policy-report/crd/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_policyreports.yaml
@@ -0,0 +1,337 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.0
+  creationTimestamp: null
+  name: policyreports.wgpolicyk8s.io
+spec:
+  group: wgpolicyk8s.io
+  names:
+    kind: PolicyReport
+    listKind: PolicyReportList
+    plural: policyreports
+    shortNames:
+    - polr
+    singular: policyreport
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                data:
+                  additionalProperties:
+                    type: string
+                  description: Data provides additional information for the policy
+                    rule
+                  type: object
+                message:
+                  description: Message is a short user friendly description of the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name of the policy
+                  type: string
+                resourceSelector:
+                  description: ResourceSelector is an optional selector for policy
+                    results that apply to multiple resources. For example, a policy
+                    result may apply to all pods that match a label. Either a Resource
+                    or a ResourceSelector can be specified. If neither are provided,
+                    the result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Resources is an optional reference to the resource
+                    checked by the policy and rule
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs.  1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage.  2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular     restrictions
+                      like, "must refer only to types A and B" or "UID not honored"
+                      or "name must be restricted".     Those cannot be well described
+                      when embedded.  3. Inconsistent validation.  Because the usages
+                      are different, the validation rules are different by usage,
+                      which makes it hard for users to predict what will happen.  4.
+                      The fields are both imprecise and overly precise.  Kind is not
+                      a precise mapping to a URL. This can produce ambiguity     during
+                      interpretation and require a REST mapping.  In most cases, the
+                      dependency is on the group,resource tuple     and the version
+                      of the actual struct is irrelevant.  5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type     will affect numerous schemas.  Don''t make
+                      new APIs embed an underspecified API type they do not control.
+                      Instead of using this type, create a locally provided and used
+                      type that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                rule:
+                  description: Rule is the name of the policy rule
+                  type: string
+                scored:
+                  description: Scored indicates if this policy rule is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy severity
+                  enum:
+                  - high
+                  - low
+                  - medium
+                  type: string
+                status:
+                  description: Status indicates the result of the policy rule check
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of unscored policies whose requirements
+                  were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml
new file mode 100644
index 0000000..7d5e164
--- /dev/null
+++ b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml
@@ -0,0 +1,1011 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
+  name: clusterpolicyreports.wgpolicyk8s.io
+spec:
+  group: wgpolicyk8s.io
+  names:
+    kind: ClusterPolicyReport
+    listKind: ClusterPolicyReportList
+    plural: clusterpolicyreports
+    shortNames:
+    - cpolr
+    singular: clusterpolicyreport
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                data:
+                  additionalProperties:
+                    type: string
+                  description: Data provides additional information for the policy
+                    rule
+                  type: object
+                message:
+                  description: Message is a short user friendly description of the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name of the policy
+                  type: string
+                resourceSelector:
+                  description: ResourceSelector is an optional selector for policy
+                    results that apply to multiple resources. For example, a policy
+                    result may apply to all pods that match a label. Either a Resource
+                    or a ResourceSelector can be specified. If neither are provided,
+                    the result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Resources is an optional reference to the resource
+                    checked by the policy and rule
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID
+                      not honored" or "name must be restricted". Those cannot be well
+                      described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.  Kind
+                      is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don''t make new
+                      APIs embed an underspecified API type they do not control. Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                rule:
+                  description: Rule is the name of the policy rule
+                  type: string
+                scored:
+                  description: Scored indicates if this policy rule is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy severity
+                  enum:
+                  - high
+                  - low
+                  - medium
+                  type: string
+                status:
+                  description: Status indicates the result of the policy rule check
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of unscored policies whose requirements
+                  were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: SubjectSelector is an optional label selector for checked
+                    Kubernetes resources. For example, a policy result may apply to
+                    all pods that match a label. Either a Subject or a SubjectSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID
+                      not honored" or "name must be restricted". Those cannot be well
+                      described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.  Kind
+                      is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don''t make new
+                      APIs embed an underspecified API type they do not control. Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: SubjectSelector is an optional label selector for checked
+                    Kubernetes resources. For example, a policy result may apply to
+                    all pods that match a label. Either a Subject or a SubjectSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID
+                      not honored" or "name must be restricted". Those cannot be well
+                      described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.  Kind
+                      is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don''t make new
+                      APIs embed an underspecified API type they do not control. Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
diff --git a/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml
new file mode 100644
index 0000000..bf77e93
--- /dev/null
+++ b/policy-report/crd/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_policyreports.yaml
@@ -0,0 +1,1008 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
+  name: policyreports.wgpolicyk8s.io
+spec:
+  group: wgpolicyk8s.io
+  names:
+    kind: PolicyReport
+    listKind: PolicyReportList
+    plural: policyreports
+    shortNames:
+    - polr
+    singular: policyreport
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                data:
+                  additionalProperties:
+                    type: string
+                  description: Data provides additional information for the policy
+                    rule
+                  type: object
+                message:
+                  description: Message is a short user friendly description of the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name of the policy
+                  type: string
+                resourceSelector:
+                  description: ResourceSelector is an optional selector for policy
+                    results that apply to multiple resources. For example, a policy
+                    result may apply to all pods that match a label. Either a Resource
+                    or a ResourceSelector can be specified. If neither are provided,
+                    the result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Resources is an optional reference to the resource
+                    checked by the policy and rule
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID
+                      not honored" or "name must be restricted". Those cannot be well
+                      described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.  Kind
+                      is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don''t make new
+                      APIs embed an underspecified API type they do not control. Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                rule:
+                  description: Rule is the name of the policy rule
+                  type: string
+                scored:
+                  description: Scored indicates if this policy rule is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy severity
+                  enum:
+                  - high
+                  - low
+                  - medium
+                  type: string
+                status:
+                  description: Status indicates the result of the policy rule check
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of unscored policies whose requirements
+                  were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: SubjectSelector is an optional label selector for checked
+                    Kubernetes resources. For example, a policy result may apply to
+                    all pods that match a label. Either a Subject or a SubjectSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID
+                      not honored" or "name must be restricted". Those cannot be well
+                      described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.  Kind
+                      is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don''t make new
+                      APIs embed an underspecified API type they do not control. Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: SubjectSelector is an optional label selector for checked
+                    Kubernetes resources. For example, a policy result may apply to
+                    all pods that match a label. Either a Subject or a SubjectSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: 'ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID
+                      not honored" or "name must be restricted". Those cannot be well
+                      described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.  Kind
+                      is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don''t make new
+                      APIs embed an underspecified API type they do not control. Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      .'
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
diff --git a/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml
new file mode 100644
index 0000000..d2c6944
--- /dev/null
+++ b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_clusterpolicyreports.yaml
@@ -0,0 +1,1047 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.1
+  name: clusterpolicyreports.wgpolicyk8s.io
+spec:
+  group: wgpolicyk8s.io
+  names:
+    kind: ClusterPolicyReport
+    listKind: ClusterPolicyReportList
+    plural: clusterpolicyreports
+    shortNames:
+    - cpolr
+    singular: clusterpolicyreport
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                data:
+                  additionalProperties:
+                    type: string
+                  description: Data provides additional information for the policy
+                    rule
+                  type: object
+                message:
+                  description: Message is a short user friendly description of the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name of the policy
+                  type: string
+                resourceSelector:
+                  description: ResourceSelector is an optional selector for policy
+                    results that apply to multiple resources. For example, a policy
+                    result may apply to all pods that match a label. Either a Resource
+                    or a ResourceSelector can be specified. If neither are provided,
+                    the result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Resources is an optional reference to the resource
+                    checked by the policy and rule
+                  items:
+                    description: "ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      ."
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                rule:
+                  description: Rule is the name of the policy rule
+                  type: string
+                scored:
+                  description: Scored indicates if this policy rule is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy severity
+                  enum:
+                  - high
+                  - low
+                  - medium
+                  type: string
+                status:
+                  description: Status indicates the result of the policy rule check
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of unscored policies whose requirements
+                  were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: SubjectSelector is an optional label selector for checked
+                    Kubernetes resources. For example, a policy result may apply to
+                    all pods that match a label. Either a Subject or a SubjectSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: "ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      ."
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: ClusterPolicyReport is the Schema for the clusterpolicyreports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          configuration:
+            description: Configuration is an optional field which can be used to specify
+              a contract between PolicyReport generators and consumers
+            properties:
+              limits:
+                properties:
+                  maxResults:
+                    description: MaxResults is the maximum number of results contained
+                      in the report
+                    type: integer
+                  statusFilter:
+                    description: StatusFilter indicates that the PolicyReport contains
+                      only those reports with statuses specified in this list
+                    items:
+                      description: StatusFilter is used by PolicyReport generators
+                        to write only those reports whose status is specified by the
+                        filters
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    type: array
+                type: object
+            required:
+            - limits
+            type: object
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: ResourceSelector is an optional label selector for
+                    checked Kubernetes resources. For example, a policy result may
+                    apply to all pods that match a label. Either a Subject or a ResourceSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: "ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      ."
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report If the Source is specified at this level,
+                    it will override the Source field set at the PolicyReport level
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          source:
+            description: Source is an identifier for the source e.g. a policy engine
+              that manages this report. Use this field if all the results are produced
+              by a single policy engine. If the results are produced by multiple sources
+              e.g. different engines or scanners, then use the Source field at the
+              PolicyReportResult level.
+            type: string
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
diff --git a/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml
new file mode 100644
index 0000000..9bfe775
--- /dev/null
+++ b/policy-report/crd/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_policyreports.yaml
@@ -0,0 +1,1044 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.1
+  name: policyreports.wgpolicyk8s.io
+spec:
+  group: wgpolicyk8s.io
+  names:
+    kind: PolicyReport
+    listKind: PolicyReportList
+    plural: policyreports
+    shortNames:
+    - polr
+    singular: policyreport
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                data:
+                  additionalProperties:
+                    type: string
+                  description: Data provides additional information for the policy
+                    rule
+                  type: object
+                message:
+                  description: Message is a short user friendly description of the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name of the policy
+                  type: string
+                resourceSelector:
+                  description: ResourceSelector is an optional selector for policy
+                    results that apply to multiple resources. For example, a policy
+                    result may apply to all pods that match a label. Either a Resource
+                    or a ResourceSelector can be specified. If neither are provided,
+                    the result is assumed to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Resources is an optional reference to the resource
+                    checked by the policy and rule
+                  items:
+                    description: "ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      ."
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                rule:
+                  description: Rule is the name of the policy rule
+                  type: string
+                scored:
+                  description: Scored indicates if this policy rule is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy severity
+                  enum:
+                  - high
+                  - low
+                  - medium
+                  type: string
+                status:
+                  description: Status indicates the result of the policy rule check
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of unscored policies whose requirements
+                  were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: SubjectSelector is an optional label selector for checked
+                    Kubernetes resources. For example, a policy result may apply to
+                    all pods that match a label. Either a Subject or a SubjectSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: "ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      ."
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .scope.kind
+      name: Kind
+      priority: 1
+      type: string
+    - jsonPath: .scope.name
+      name: Name
+      priority: 1
+      type: string
+    - jsonPath: .summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .summary.error
+      name: Error
+      type: integer
+    - jsonPath: .summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: PolicyReport is the Schema for the policyreports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          configuration:
+            description: Configuration is an optional field which can be used to specify
+              a contract between PolicyReport generators and consumers
+            properties:
+              limits:
+                properties:
+                  maxResults:
+                    description: MaxResults is the maximum number of results contained
+                      in the report
+                    type: integer
+                  statusFilter:
+                    description: StatusFilter indicates that the PolicyReport contains
+                      only those reports with statuses specified in this list
+                    items:
+                      description: StatusFilter is used by PolicyReport generators
+                        to write only those reports whose status is specified by the
+                        filters
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    type: array
+                type: object
+            required:
+            - limits
+            type: object
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          results:
+            description: PolicyReportResult provides result details
+            items:
+              description: PolicyReportResult provides the result for an individual
+                policy
+              properties:
+                category:
+                  description: Category indicates policy category
+                  type: string
+                message:
+                  description: Description is a short user friendly message for the
+                    policy rule
+                  type: string
+                policy:
+                  description: Policy is the name or identifier of the policy
+                  type: string
+                properties:
+                  additionalProperties:
+                    type: string
+                  description: Properties provides additional information for the
+                    policy rule
+                  type: object
+                resourceSelector:
+                  description: ResourceSelector is an optional label selector for
+                    checked Kubernetes resources. For example, a policy result may
+                    apply to all pods that match a label. Either a Subject or a ResourceSelector
+                    can be specified. If neither are provided, the result is assumed
+                    to be for the policy report scope.
+                  properties:
+                    matchExpressions:
+                      description: matchExpressions is a list of label selector requirements.
+                        The requirements are ANDed.
+                      items:
+                        description: A label selector requirement is a selector that
+                          contains values, a key, and an operator that relates the
+                          key and values.
+                        properties:
+                          key:
+                            description: key is the label key that the selector applies
+                              to.
+                            type: string
+                          operator:
+                            description: operator represents a key's relationship
+                              to a set of values. Valid operators are In, NotIn, Exists
+                              and DoesNotExist.
+                            type: string
+                          values:
+                            description: values is an array of string values. If the
+                              operator is In or NotIn, the values array must be non-empty.
+                              If the operator is Exists or DoesNotExist, the values
+                              array must be empty. This array is replaced during a
+                              strategic merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                        - key
+                        - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: matchLabels is a map of {key,value} pairs. A single
+                        {key,value} in the matchLabels map is equivalent to an element
+                        of matchExpressions, whose key field is "key", the operator
+                        is "In", and the values array contains only "value". The requirements
+                        are ANDed.
+                      type: object
+                  type: object
+                resources:
+                  description: Subjects is an optional reference to the checked Kubernetes
+                    resources
+                  items:
+                    description: "ObjectReference contains enough information to let
+                      you inspect or modify the referred object. --- New uses of this
+                      type are discouraged because of difficulty describing its usage
+                      when embedded in APIs. 1. Ignored fields.  It includes many
+                      fields which are not generally honored.  For instance, ResourceVersion
+                      and FieldPath are both very rarely valid in actual usage. 2.
+                      Invalid usage help.  It is impossible to add specific help for
+                      individual usage.  In most embedded usages, there are particular
+                      restrictions like, \"must refer only to types A and B\" or \"UID
+                      not honored\" or \"name must be restricted\". Those cannot be
+                      well described when embedded. 3. Inconsistent validation.  Because
+                      the usages are different, the validation rules are different
+                      by usage, which makes it hard for users to predict what will
+                      happen. 4. The fields are both imprecise and overly precise.
+                      \ Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases,
+                      the dependency is on the group,resource tuple and the version
+                      of the actual struct is irrelevant. 5. We cannot easily change
+                      it.  Because this type is embedded in many locations, updates
+                      to this type will affect numerous schemas.  Don't make new APIs
+                      embed an underspecified API type they do not control. \n Instead
+                      of using this type, create a locally provided and used type
+                      that is well-focused on your reference. For example, ServiceReferences
+                      for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                      ."
+                    properties:
+                      apiVersion:
+                        description: API version of the referent.
+                        type: string
+                      fieldPath:
+                        description: 'If referring to a piece of an object instead
+                          of an entire object, this string should contain a valid
+                          JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                          For example, if the object reference is to a container within
+                          a pod, this would take on a value like: "spec.containers{name}"
+                          (where "name" refers to the name of the container that triggered
+                          the event) or if no container name is specified "spec.containers[2]"
+                          (container with index 2 in this pod). This syntax is chosen
+                          only to have some well-defined way of referencing a part
+                          of an object. TODO: this design is not final and this field
+                          is subject to change in the future.'
+                        type: string
+                      kind:
+                        description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                      resourceVersion:
+                        description: 'Specific resourceVersion to which this reference
+                          is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                        type: string
+                      uid:
+                        description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                        type: string
+                    type: object
+                  type: array
+                result:
+                  description: Result indicates the outcome of the policy rule execution
+                  enum:
+                  - pass
+                  - fail
+                  - warn
+                  - error
+                  - skip
+                  type: string
+                rule:
+                  description: Rule is the name or identifier of the rule within the
+                    policy
+                  type: string
+                scored:
+                  description: Scored indicates if this result is scored
+                  type: boolean
+                severity:
+                  description: Severity indicates policy check result criticality
+                  enum:
+                  - critical
+                  - high
+                  - low
+                  - medium
+                  - info
+                  type: string
+                source:
+                  description: Source is an identifier for the policy engine that
+                    manages this report If the Source is specified at this level,
+                    it will override the Source field set at the PolicyReport level
+                  type: string
+                timestamp:
+                  description: Timestamp indicates the time the result was found
+                  properties:
+                    nanos:
+                      description: Non-negative fractions of a second at nanosecond
+                        resolution. Negative second values with fractions must still
+                        have non-negative nanos values that count forward in time.
+                        Must be from 0 to 999,999,999 inclusive. This field may be
+                        limited in precision depending on context.
+                      format: int32
+                      type: integer
+                    seconds:
+                      description: Represents seconds of UTC time since Unix epoch
+                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+                        9999-12-31T23:59:59Z inclusive.
+                      format: int64
+                      type: integer
+                  required:
+                  - nanos
+                  - seconds
+                  type: object
+              required:
+              - policy
+              type: object
+            type: array
+          scope:
+            description: Scope is an optional reference to the report scope (e.g.
+              a Deployment, Namespace, or Node)
+            properties:
+              apiVersion:
+                description: API version of the referent.
+                type: string
+              fieldPath:
+                description: 'If referring to a piece of an object instead of an entire
+                  object, this string should contain a valid JSON/Go field access
+                  statement, such as desiredState.manifest.containers[2]. For example,
+                  if the object reference is to a container within a pod, this would
+                  take on a value like: "spec.containers{name}" (where "name" refers
+                  to the name of the container that triggered the event) or if no
+                  container name is specified "spec.containers[2]" (container with
+                  index 2 in this pod). This syntax is chosen only to have some well-defined
+                  way of referencing a part of an object. TODO: this design is not
+                  final and this field is subject to change in the future.'
+                type: string
+              kind:
+                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                type: string
+              name:
+                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                type: string
+              namespace:
+                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                type: string
+              resourceVersion:
+                description: 'Specific resourceVersion to which this reference is
+                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                type: string
+              uid:
+                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                type: string
+            type: object
+          scopeSelector:
+            description: ScopeSelector is an optional selector for multiple scopes
+              (e.g. Pods). Either one of, or none of, but not both of, Scope or ScopeSelector
+              should be specified.
+            properties:
+              matchExpressions:
+                description: matchExpressions is a list of label selector requirements.
+                  The requirements are ANDed.
+                items:
+                  description: A label selector requirement is a selector that contains
+                    values, a key, and an operator that relates the key and values.
+                  properties:
+                    key:
+                      description: key is the label key that the selector applies
+                        to.
+                      type: string
+                    operator:
+                      description: operator represents a key's relationship to a set
+                        of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+                      type: string
+                    values:
+                      description: values is an array of string values. If the operator
+                        is In or NotIn, the values array must be non-empty. If the
+                        operator is Exists or DoesNotExist, the values array must
+                        be empty. This array is replaced during a strategic merge
+                        patch.
+                      items:
+                        type: string
+                      type: array
+                  required:
+                  - key
+                  - operator
+                  type: object
+                type: array
+              matchLabels:
+                additionalProperties:
+                  type: string
+                description: matchLabels is a map of {key,value} pairs. A single {key,value}
+                  in the matchLabels map is equivalent to an element of matchExpressions,
+                  whose key field is "key", the operator is "In", and the values array
+                  contains only "value". The requirements are ANDed.
+                type: object
+            type: object
+          source:
+            description: Source is an identifier for the source e.g. a policy engine
+              that manages this report. Use this field if all the results are produced
+              by a single policy engine. If the results are produced by multiple sources
+              e.g. different engines or scanners, then use the Source field at the
+              PolicyReportResult level.
+            type: string
+          summary:
+            description: PolicyReportSummary provides a summary of results
+            properties:
+              error:
+                description: Error provides the count of policies that could not be
+                  evaluated
+                type: integer
+              fail:
+                description: Fail provides the count of policies whose requirements
+                  were not met
+                type: integer
+              pass:
+                description: Pass provides the count of policies whose requirements
+                  were met
+                type: integer
+              skip:
+                description: Skip indicates the count of policies that were not selected
+                  for evaluation
+                type: integer
+              warn:
+                description: Warn provides the count of non-scored policies whose
+                  requirements were not met
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
diff --git a/policy-report/docs/api-docs.md b/policy-report/docs/api-docs.md
new file mode 100644
index 0000000..cf434e2
--- /dev/null
+++ b/policy-report/docs/api-docs.md
@@ -0,0 +1,239 @@
+# API Reference
+
+## Packages
+- [reports.x-k8s.io/v1beta2](#reportsx-k8siov1beta2)
+
+
+## reports.x-k8s.io/v1beta2
+
+Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
+
+Package v1beta2 contains API Schema definitions for the policy v1beta2 API group
+
+### Resource Types
+- [ClusterReport](#clusterreport)
+- [ClusterReportList](#clusterreportlist)
+- [Report](#report)
+- [ReportList](#reportlist)
+
+
+
+#### ClusterReport
+
+
+
+ClusterReport is the Schema for the clusterpolicyreports API
+
+
+
+_Appears in:_
+- [ClusterReportList](#clusterreportlist)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | |
+| `kind` _string_ | `ClusterReport` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.<br />Use this field if all the results are produced by a single policy engine.<br />If the results are produced by multiple sources e.g. different engines or scanners,<br />then use the Source field at the ReportResult level. |  |  |
+| `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) |  |  |
+| `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).<br />Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. |  |  |
+| `configuration` _[ReportConfiguration](#reportconfiguration)_ | Configuration is an optional field which can be used to specify<br />a contract between Report generators and consumers |  |  |
+| `summary` _[ReportSummary](#reportsummary)_ | ReportSummary provides a summary of results |  |  |
+| `results` _[ReportResult](#reportresult) array_ | ReportResult provides result details |  |  |
+
+
+#### ClusterReportList
+
+
+
+ClusterReportList contains a list of ClusterReport
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | |
+| `kind` _string_ | `ClusterReportList` | | |
+| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `items` _[ClusterReport](#clusterreport) array_ |  |  |  |
+
+
+#### Limits
+
+
+
+
+
+
+
+_Appears in:_
+- [ReportConfiguration](#reportconfiguration)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `maxResults` _integer_ | MaxResults is the maximum number of results contained in the report |  |  |
+| `statusFilter` _[StatusFilter](#statusfilter) array_ | StatusFilter indicates that the Report contains only those reports with statuses specified in this list |  | Enum: [pass fail warn error skip] <br /> |
+
+
+#### Report
+
+
+
+Report is the Schema for the reports API
+
+
+
+_Appears in:_
+- [ReportList](#reportlist)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | |
+| `kind` _string_ | `Report` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `source` _string_ | Source is an identifier for the source e.g. a policy engine that manages this report.<br />Use this field if all the results are produced by a single policy engine.<br />If the results are produced by multiple sources e.g. different engines or scanners,<br />then use the Source field at the ReportResult level. |  |  |
+| `scope` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core)_ | Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node) |  |  |
+| `scopeSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ScopeSelector is an optional selector for multiple scopes (e.g. Pods).<br />Either one of, or none of, but not both of, Scope or ScopeSelector should be specified. |  |  |
+| `configuration` _[ReportConfiguration](#reportconfiguration)_ | Configuration is an optional field which can be used to specify<br />a contract between Report generators and consumers |  |  |
+| `summary` _[ReportSummary](#reportsummary)_ | ReportSummary provides a summary of results |  |  |
+| `results` _[ReportResult](#reportresult) array_ | ReportResult provides result details |  |  |
+
+
+#### ReportConfiguration
+
+
+
+
+
+
+
+_Appears in:_
+- [ClusterReport](#clusterreport)
+- [Report](#report)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `limits` _[Limits](#limits)_ |  |  |  |
+
+
+#### ReportList
+
+
+
+ReportList contains a list of Report
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `reports.x-k8s.io/v1beta2` | | |
+| `kind` _string_ | `ReportList` | | |
+| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `items` _[Report](#report) array_ |  |  |  |
+
+
+#### ReportResult
+
+
+
+ReportResult provides the result for an individual policy
+
+
+
+_Appears in:_
+- [ClusterReport](#clusterreport)
+- [Report](#report)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `source` _string_ | Source is an identifier for the policy engine that manages this report<br />If the Source is specified at this level, it will override the Source<br />field set at the Report level |  |  |
+| `policy` _string_ | Policy is the name or identifier of the policy |  |  |
+| `rule` _string_ | Rule is the name or identifier of the rule within the policy |  |  |
+| `category` _string_ | Category indicates policy category |  |  |
+| `severity` _[ResultSeverity](#resultseverity)_ | Severity indicates policy check result criticality |  | Enum: [critical high low medium info] <br /> |
+| `timestamp` _[Timestamp](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#timestamp-v1-meta)_ | Timestamp indicates the time the result was found |  |  |
+| `result` _[Result](#result)_ | Result indicates the outcome of the policy rule execution |  | Enum: [pass fail warn error skip] <br /> |
+| `scored` _boolean_ | Scored indicates if this result is scored |  |  |
+| `resources` _[ObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#objectreference-v1-core) array_ | Subjects is an optional reference to the checked Kubernetes resources |  |  |
+| `resourceSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta)_ | ResourceSelector is an optional label selector for checked Kubernetes resources.<br />For example, a policy result may apply to all pods that match a label.<br />Either a Subject or a ResourceSelector can be specified. If neither are provided, the<br />result is assumed to be for the policy report scope. |  |  |
+| `message` _string_ | Description is a short user friendly message for the policy rule |  |  |
+| `properties` _object (keys:string, values:string)_ | Properties provides additional information for the policy rule |  |  |
+
+
+#### ReportSummary
+
+
+
+ReportSummary provides a status count summary
+
+
+
+_Appears in:_
+- [ClusterReport](#clusterreport)
+- [Report](#report)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `pass` _integer_ | Pass provides the count of policies whose requirements were met |  |  |
+| `fail` _integer_ | Fail provides the count of policies whose requirements were not met |  |  |
+| `warn` _integer_ | Warn provides the count of non-scored policies whose requirements were not met |  |  |
+| `error` _integer_ | Error provides the count of policies that could not be evaluated |  |  |
+| `skip` _integer_ | Skip indicates the count of policies that were not selected for evaluation |  |  |
+
+
+#### Result
+
+_Underlying type:_ _string_
+
+Result has one of the following values:
+  - pass: the policy requirements are met
+  - fail: the policy requirements are not met
+  - warn: the policy requirements are not met and the policy is not scored
+  - error: the policy could not be evaluated
+  - skip: the policy was not selected based on user inputs or applicability
+
+_Validation:_
+- Enum: [pass fail warn error skip]
+
+_Appears in:_
+- [ReportResult](#reportresult)
+
+
+
+#### ResultSeverity
+
+_Underlying type:_ _string_
+
+ResultSeverity has one of the following values:
+  - critical
+  - high
+  - low
+  - medium
+  - info
+
+_Validation:_
+- Enum: [critical high low medium info]
+
+_Appears in:_
+- [ReportResult](#reportresult)
+
+
+
+#### StatusFilter
+
+_Underlying type:_ _string_
+
+StatusFilter is used by Report generators to write only those reports whose status is specified by the filters
+
+_Validation:_
+- Enum: [pass fail warn error skip]
+
+_Appears in:_
+- [Limits](#limits)
+
+
+
diff --git a/policy-report/docs/config.yaml b/policy-report/docs/config.yaml
new file mode 100644
index 0000000..e9d4aa9
--- /dev/null
+++ b/policy-report/docs/config.yaml
@@ -0,0 +1,15 @@
+processor:
+ ignoreGroupVersions:
+ ignoreTypes:
+ ignoreFields:
+   - "status$"
+   - "TypeMeta$"
+   - "kind$"
+   - "apiVersion$"
+ customMarkers:
+   - name: "hidefromdoc"
+     target: field
+
+render:
+ kubernetesVersion: 1.29
+ knownTypes:
diff --git a/policy-report/hack/boilerplate.go.txt b/policy-report/hack/boilerplate.go.txt
new file mode 100644
index 0000000..e332f2a
--- /dev/null
+++ b/policy-report/hack/boilerplate.go.txt
@@ -0,0 +1,15 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
\ No newline at end of file
diff --git a/policy-report/hack/codegen.go b/policy-report/hack/codegen.go
new file mode 100644
index 0000000..18f752a
--- /dev/null
+++ b/policy-report/hack/codegen.go
@@ -0,0 +1,5 @@
+package hack
+
+import (
+	_ "k8s.io/code-generator"
+)
diff --git a/policy-report/hack/update-codegen.sh b/policy-report/hack/update-codegen.sh
new file mode 100755
index 0000000..b6394d8
--- /dev/null
+++ b/policy-report/hack/update-codegen.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Derived from: https://github.com/kubernetes/code-generator/blob/master/examples/hack/update-codegen.sh
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")"
+SCRIPT_ROOT="${SCRIPT_DIR}/.."
+CODEGEN_PKG="${CODEGEN_PKG:-"${SCRIPT_ROOT}/bin"}"
+
+source "${CODEGEN_PKG}/kube_codegen.sh"
+
+kube::codegen::gen_helpers \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    "${SCRIPT_ROOT}/apis"
+
+kube::codegen::gen_client \
+    --with-watch \
+    --output-dir "${SCRIPT_ROOT}/pkg/client" \
+    --output-pkg "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client" \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    "${SCRIPT_ROOT}/apis"
diff --git a/policy-report/pkg/client/clientset/versioned/clientset.go b/policy-report/pkg/client/clientset/versioned/clientset.go
new file mode 100644
index 0000000..f597377
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/clientset.go
@@ -0,0 +1,158 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package versioned
+
+import (
+	"fmt"
+	"net/http"
+
+	discovery "k8s.io/client-go/discovery"
+	rest "k8s.io/client-go/rest"
+	flowcontrol "k8s.io/client-go/util/flowcontrol"
+	reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2"
+	wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1"
+	wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2"
+	wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1"
+)
+
+type Interface interface {
+	Discovery() discovery.DiscoveryInterface
+	ReportsV1beta2() reportsv1beta2.ReportsV1beta2Interface
+	Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface
+	Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface
+	Wgpolicyk8sV1beta1() wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Interface
+}
+
+// Clientset contains the clients for groups.
+type Clientset struct {
+	*discovery.DiscoveryClient
+	reportsV1beta2      *reportsv1beta2.ReportsV1beta2Client
+	wgpolicyk8sV1alpha1 *wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Client
+	wgpolicyk8sV1alpha2 *wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Client
+	wgpolicyk8sV1beta1  *wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Client
+}
+
+// ReportsV1beta2 retrieves the ReportsV1beta2Client
+func (c *Clientset) ReportsV1beta2() reportsv1beta2.ReportsV1beta2Interface {
+	return c.reportsV1beta2
+}
+
+// Wgpolicyk8sV1alpha1 retrieves the Wgpolicyk8sV1alpha1Client
+func (c *Clientset) Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface {
+	return c.wgpolicyk8sV1alpha1
+}
+
+// Wgpolicyk8sV1alpha2 retrieves the Wgpolicyk8sV1alpha2Client
+func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface {
+	return c.wgpolicyk8sV1alpha2
+}
+
+// Wgpolicyk8sV1beta1 retrieves the Wgpolicyk8sV1beta1Client
+func (c *Clientset) Wgpolicyk8sV1beta1() wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Interface {
+	return c.wgpolicyk8sV1beta1
+}
+
+// Discovery retrieves the DiscoveryClient
+func (c *Clientset) Discovery() discovery.DiscoveryInterface {
+	if c == nil {
+		return nil
+	}
+	return c.DiscoveryClient
+}
+
+// NewForConfig creates a new Clientset for the given config.
+// If config's RateLimiter is not set and QPS and Burst are acceptable,
+// NewForConfig will generate a rate-limiter in configShallowCopy.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*Clientset, error) {
+	configShallowCopy := *c
+
+	if configShallowCopy.UserAgent == "" {
+		configShallowCopy.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	// share the transport between all clients
+	httpClient, err := rest.HTTPClientFor(&configShallowCopy)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewForConfigAndClient(&configShallowCopy, httpClient)
+}
+
+// NewForConfigAndClient creates a new Clientset for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+// If config's RateLimiter is not set and QPS and Burst are acceptable,
+// NewForConfigAndClient will generate a rate-limiter in configShallowCopy.
+func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, error) {
+	configShallowCopy := *c
+	if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
+		if configShallowCopy.Burst <= 0 {
+			return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
+		}
+		configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
+	}
+
+	var cs Clientset
+	var err error
+	cs.reportsV1beta2, err = reportsv1beta2.NewForConfigAndClient(&configShallowCopy, httpClient)
+	if err != nil {
+		return nil, err
+	}
+	cs.wgpolicyk8sV1alpha1, err = wgpolicyk8sv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient)
+	if err != nil {
+		return nil, err
+	}
+	cs.wgpolicyk8sV1alpha2, err = wgpolicyk8sv1alpha2.NewForConfigAndClient(&configShallowCopy, httpClient)
+	if err != nil {
+		return nil, err
+	}
+	cs.wgpolicyk8sV1beta1, err = wgpolicyk8sv1beta1.NewForConfigAndClient(&configShallowCopy, httpClient)
+	if err != nil {
+		return nil, err
+	}
+
+	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient)
+	if err != nil {
+		return nil, err
+	}
+	return &cs, nil
+}
+
+// NewForConfigOrDie creates a new Clientset for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *Clientset {
+	cs, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return cs
+}
+
+// New creates a new Clientset for the given RESTClient.
+func New(c rest.Interface) *Clientset {
+	var cs Clientset
+	cs.reportsV1beta2 = reportsv1beta2.New(c)
+	cs.wgpolicyk8sV1alpha1 = wgpolicyk8sv1alpha1.New(c)
+	cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.New(c)
+	cs.wgpolicyk8sV1beta1 = wgpolicyk8sv1beta1.New(c)
+
+	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
+	return &cs
+}
diff --git a/policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go b/policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go
new file mode 100644
index 0000000..82b26d3
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/fake/clientset_generated.go
@@ -0,0 +1,105 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/watch"
+	"k8s.io/client-go/discovery"
+	fakediscovery "k8s.io/client-go/discovery/fake"
+	"k8s.io/client-go/testing"
+	clientset "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2"
+	fakereportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake"
+	wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1"
+	fakewgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake"
+	wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2"
+	fakewgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake"
+	wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1"
+	fakewgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake"
+)
+
+// NewSimpleClientset returns a clientset that will respond with the provided objects.
+// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
+// without applying any validations and/or defaults. It shouldn't be considered a replacement
+// for a real clientset and is mostly useful in simple unit tests.
+func NewSimpleClientset(objects ...runtime.Object) *Clientset {
+	o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
+	for _, obj := range objects {
+		if err := o.Add(obj); err != nil {
+			panic(err)
+		}
+	}
+
+	cs := &Clientset{tracker: o}
+	cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
+	cs.AddReactor("*", "*", testing.ObjectReaction(o))
+	cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
+		gvr := action.GetResource()
+		ns := action.GetNamespace()
+		watch, err := o.Watch(gvr, ns)
+		if err != nil {
+			return false, nil, err
+		}
+		return true, watch, nil
+	})
+
+	return cs
+}
+
+// Clientset implements clientset.Interface. Meant to be embedded into a
+// struct to get a default implementation. This makes faking out just the method
+// you want to test easier.
+type Clientset struct {
+	testing.Fake
+	discovery *fakediscovery.FakeDiscovery
+	tracker   testing.ObjectTracker
+}
+
+func (c *Clientset) Discovery() discovery.DiscoveryInterface {
+	return c.discovery
+}
+
+func (c *Clientset) Tracker() testing.ObjectTracker {
+	return c.tracker
+}
+
+var (
+	_ clientset.Interface = &Clientset{}
+	_ testing.FakeClient  = &Clientset{}
+)
+
+// ReportsV1beta2 retrieves the ReportsV1beta2Client
+func (c *Clientset) ReportsV1beta2() reportsv1beta2.ReportsV1beta2Interface {
+	return &fakereportsv1beta2.FakeReportsV1beta2{Fake: &c.Fake}
+}
+
+// Wgpolicyk8sV1alpha1 retrieves the Wgpolicyk8sV1alpha1Client
+func (c *Clientset) Wgpolicyk8sV1alpha1() wgpolicyk8sv1alpha1.Wgpolicyk8sV1alpha1Interface {
+	return &fakewgpolicyk8sv1alpha1.FakeWgpolicyk8sV1alpha1{Fake: &c.Fake}
+}
+
+// Wgpolicyk8sV1alpha2 retrieves the Wgpolicyk8sV1alpha2Client
+func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface {
+	return &fakewgpolicyk8sv1alpha2.FakeWgpolicyk8sV1alpha2{Fake: &c.Fake}
+}
+
+// Wgpolicyk8sV1beta1 retrieves the Wgpolicyk8sV1beta1Client
+func (c *Clientset) Wgpolicyk8sV1beta1() wgpolicyk8sv1beta1.Wgpolicyk8sV1beta1Interface {
+	return &fakewgpolicyk8sv1beta1.FakeWgpolicyk8sV1beta1{Fake: &c.Fake}
+}
diff --git a/policy-report/pkg/client/clientset/versioned/fake/doc.go b/policy-report/pkg/client/clientset/versioned/fake/doc.go
new file mode 100644
index 0000000..5fae9fd
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/fake/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated fake clientset.
+package fake
diff --git a/policy-report/pkg/client/clientset/versioned/fake/register.go b/policy-report/pkg/client/clientset/versioned/fake/register.go
new file mode 100644
index 0000000..b3fe634
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/fake/register.go
@@ -0,0 +1,61 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+var scheme = runtime.NewScheme()
+var codecs = serializer.NewCodecFactory(scheme)
+
+var localSchemeBuilder = runtime.SchemeBuilder{
+	reportsv1beta2.AddToScheme,
+	wgpolicyk8sv1alpha1.AddToScheme,
+	wgpolicyk8sv1alpha2.AddToScheme,
+	wgpolicyk8sv1beta1.AddToScheme,
+}
+
+// AddToScheme adds all types of this clientset into the given scheme. This allows composition
+// of clientsets, like in:
+//
+//	import (
+//	  "k8s.io/client-go/kubernetes"
+//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
+//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
+//	)
+//
+//	kclientset, _ := kubernetes.NewForConfig(c)
+//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
+//
+// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
+// correctly.
+var AddToScheme = localSchemeBuilder.AddToScheme
+
+func init() {
+	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
+	utilruntime.Must(AddToScheme(scheme))
+}
diff --git a/policy-report/pkg/client/clientset/versioned/scheme/doc.go b/policy-report/pkg/client/clientset/versioned/scheme/doc.go
new file mode 100644
index 0000000..16d8889
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/scheme/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package contains the scheme of the automatically generated clientset.
+package scheme
diff --git a/policy-report/pkg/client/clientset/versioned/scheme/register.go b/policy-report/pkg/client/clientset/versioned/scheme/register.go
new file mode 100644
index 0000000..f60527e
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/scheme/register.go
@@ -0,0 +1,61 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package scheme
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	reportsv1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	wgpolicyk8sv1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	wgpolicyk8sv1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	wgpolicyk8sv1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+var Scheme = runtime.NewScheme()
+var Codecs = serializer.NewCodecFactory(Scheme)
+var ParameterCodec = runtime.NewParameterCodec(Scheme)
+var localSchemeBuilder = runtime.SchemeBuilder{
+	reportsv1beta2.AddToScheme,
+	wgpolicyk8sv1alpha1.AddToScheme,
+	wgpolicyk8sv1alpha2.AddToScheme,
+	wgpolicyk8sv1beta1.AddToScheme,
+}
+
+// AddToScheme adds all types of this clientset into the given scheme. This allows composition
+// of clientsets, like in:
+//
+//	import (
+//	  "k8s.io/client-go/kubernetes"
+//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
+//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
+//	)
+//
+//	kclientset, _ := kubernetes.NewForConfig(c)
+//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
+//
+// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
+// correctly.
+var AddToScheme = localSchemeBuilder.AddToScheme
+
+func init() {
+	v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
+	utilruntime.Must(AddToScheme(Scheme))
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go
new file mode 100644
index 0000000..9dcb945
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/clusterreport.go
@@ -0,0 +1,167 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// ClusterReportsGetter has a method to return a ClusterReportInterface.
+// A group's client should implement this interface.
+type ClusterReportsGetter interface {
+	ClusterReports() ClusterReportInterface
+}
+
+// ClusterReportInterface has methods to work with ClusterReport resources.
+type ClusterReportInterface interface {
+	Create(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.CreateOptions) (*v1beta2.ClusterReport, error)
+	Update(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.UpdateOptions) (*v1beta2.ClusterReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.ClusterReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta2.ClusterReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterReport, err error)
+	ClusterReportExpansion
+}
+
+// clusterReports implements ClusterReportInterface
+type clusterReports struct {
+	client rest.Interface
+}
+
+// newClusterReports returns a ClusterReports
+func newClusterReports(c *ReportsV1beta2Client) *clusterReports {
+	return &clusterReports{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterReport, and returns the corresponding clusterReport object, and an error if there is any.
+func (c *clusterReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterReport, err error) {
+	result = &v1beta2.ClusterReport{}
+	err = c.client.Get().
+		Resource("clusterreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterReports that match those selectors.
+func (c *clusterReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta2.ClusterReportList{}
+	err = c.client.Get().
+		Resource("clusterreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterReports.
+func (c *clusterReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clusterreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterReport and creates it.  Returns the server's representation of the clusterReport, and an error, if there is any.
+func (c *clusterReports) Create(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.CreateOptions) (result *v1beta2.ClusterReport, err error) {
+	result = &v1beta2.ClusterReport{}
+	err = c.client.Post().
+		Resource("clusterreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterReport and updates it. Returns the server's representation of the clusterReport, and an error, if there is any.
+func (c *clusterReports) Update(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.UpdateOptions) (result *v1beta2.ClusterReport, err error) {
+	result = &v1beta2.ClusterReport{}
+	err = c.client.Put().
+		Resource("clusterreports").
+		Name(clusterReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterReport and deletes it. Returns an error if one occurs.
+func (c *clusterReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clusterreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clusterreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterReport.
+func (c *clusterReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterReport, err error) {
+	result = &v1beta2.ClusterReport{}
+	err = c.client.Patch(pt).
+		Resource("clusterreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go
new file mode 100644
index 0000000..bfa7cbb
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1beta2
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go
new file mode 100644
index 0000000..3b00159
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go
new file mode 100644
index 0000000..5eb93e6
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_clusterreport.go
@@ -0,0 +1,120 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+)
+
+// FakeClusterReports implements ClusterReportInterface
+type FakeClusterReports struct {
+	Fake *FakeReportsV1beta2
+}
+
+var clusterreportsResource = v1beta2.SchemeGroupVersion.WithResource("clusterreports")
+
+var clusterreportsKind = v1beta2.SchemeGroupVersion.WithKind("ClusterReport")
+
+// Get takes name of the clusterReport, and returns the corresponding clusterReport object, and an error if there is any.
+func (c *FakeClusterReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.ClusterReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clusterreportsResource, name), &v1beta2.ClusterReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.ClusterReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterReports that match those selectors.
+func (c *FakeClusterReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ClusterReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clusterreportsResource, clusterreportsKind, opts), &v1beta2.ClusterReportList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1beta2.ClusterReportList{ListMeta: obj.(*v1beta2.ClusterReportList).ListMeta}
+	for _, item := range obj.(*v1beta2.ClusterReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterReports.
+func (c *FakeClusterReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clusterreportsResource, opts))
+}
+
+// Create takes the representation of a clusterReport and creates it.  Returns the server's representation of the clusterReport, and an error, if there is any.
+func (c *FakeClusterReports) Create(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.CreateOptions) (result *v1beta2.ClusterReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clusterreportsResource, clusterReport), &v1beta2.ClusterReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.ClusterReport), err
+}
+
+// Update takes the representation of a clusterReport and updates it. Returns the server's representation of the clusterReport, and an error, if there is any.
+func (c *FakeClusterReports) Update(ctx context.Context, clusterReport *v1beta2.ClusterReport, opts v1.UpdateOptions) (result *v1beta2.ClusterReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clusterreportsResource, clusterReport), &v1beta2.ClusterReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.ClusterReport), err
+}
+
+// Delete takes name of the clusterReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clusterreportsResource, name, opts), &v1beta2.ClusterReport{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clusterreportsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1beta2.ClusterReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterReport.
+func (c *FakeClusterReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.ClusterReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clusterreportsResource, name, pt, data, subresources...), &v1beta2.ClusterReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.ClusterReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go
new file mode 100644
index 0000000..a49c196
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_report.go
@@ -0,0 +1,128 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+)
+
+// FakeReports implements ReportInterface
+type FakeReports struct {
+	Fake *FakeReportsV1beta2
+	ns   string
+}
+
+var reportsResource = v1beta2.SchemeGroupVersion.WithResource("reports")
+
+var reportsKind = v1beta2.SchemeGroupVersion.WithKind("Report")
+
+// Get takes name of the report, and returns the corresponding report object, and an error if there is any.
+func (c *FakeReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.Report, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(reportsResource, c.ns, name), &v1beta2.Report{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.Report), err
+}
+
+// List takes label and field selectors, and returns the list of Reports that match those selectors.
+func (c *FakeReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(reportsResource, reportsKind, c.ns, opts), &v1beta2.ReportList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1beta2.ReportList{ListMeta: obj.(*v1beta2.ReportList).ListMeta}
+	for _, item := range obj.(*v1beta2.ReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested reports.
+func (c *FakeReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(reportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a report and creates it.  Returns the server's representation of the report, and an error, if there is any.
+func (c *FakeReports) Create(ctx context.Context, report *v1beta2.Report, opts v1.CreateOptions) (result *v1beta2.Report, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(reportsResource, c.ns, report), &v1beta2.Report{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.Report), err
+}
+
+// Update takes the representation of a report and updates it. Returns the server's representation of the report, and an error, if there is any.
+func (c *FakeReports) Update(ctx context.Context, report *v1beta2.Report, opts v1.UpdateOptions) (result *v1beta2.Report, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(reportsResource, c.ns, report), &v1beta2.Report{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.Report), err
+}
+
+// Delete takes name of the report and deletes it. Returns an error if one occurs.
+func (c *FakeReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(reportsResource, c.ns, name, opts), &v1beta2.Report{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(reportsResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1beta2.ReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched report.
+func (c *FakeReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.Report, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(reportsResource, c.ns, name, pt, data, subresources...), &v1beta2.Report{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta2.Report), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go
new file mode 100644
index 0000000..3431db8
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/fake/fake_reports.x-k8s.io_client.go
@@ -0,0 +1,43 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2"
+)
+
+type FakeReportsV1beta2 struct {
+	*testing.Fake
+}
+
+func (c *FakeReportsV1beta2) ClusterReports() v1beta2.ClusterReportInterface {
+	return &FakeClusterReports{c}
+}
+
+func (c *FakeReportsV1beta2) Reports(namespace string) v1beta2.ReportInterface {
+	return &FakeReports{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeReportsV1beta2) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go
new file mode 100644
index 0000000..dde8e6c
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/generated_expansion.go
@@ -0,0 +1,22 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta2
+
+type ClusterReportExpansion interface{}
+
+type ReportExpansion interface{}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/report.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/report.go
new file mode 100644
index 0000000..3763543
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/report.go
@@ -0,0 +1,177 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// ReportsGetter has a method to return a ReportInterface.
+// A group's client should implement this interface.
+type ReportsGetter interface {
+	Reports(namespace string) ReportInterface
+}
+
+// ReportInterface has methods to work with Report resources.
+type ReportInterface interface {
+	Create(ctx context.Context, report *v1beta2.Report, opts v1.CreateOptions) (*v1beta2.Report, error)
+	Update(ctx context.Context, report *v1beta2.Report, opts v1.UpdateOptions) (*v1beta2.Report, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta2.Report, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta2.ReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.Report, err error)
+	ReportExpansion
+}
+
+// reports implements ReportInterface
+type reports struct {
+	client rest.Interface
+	ns     string
+}
+
+// newReports returns a Reports
+func newReports(c *ReportsV1beta2Client, namespace string) *reports {
+	return &reports{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the report, and returns the corresponding report object, and an error if there is any.
+func (c *reports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta2.Report, err error) {
+	result = &v1beta2.Report{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("reports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of Reports that match those selectors.
+func (c *reports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta2.ReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta2.ReportList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("reports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested reports.
+func (c *reports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("reports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a report and creates it.  Returns the server's representation of the report, and an error, if there is any.
+func (c *reports) Create(ctx context.Context, report *v1beta2.Report, opts v1.CreateOptions) (result *v1beta2.Report, err error) {
+	result = &v1beta2.Report{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("reports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(report).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a report and updates it. Returns the server's representation of the report, and an error, if there is any.
+func (c *reports) Update(ctx context.Context, report *v1beta2.Report, opts v1.UpdateOptions) (result *v1beta2.Report, err error) {
+	result = &v1beta2.Report{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("reports").
+		Name(report.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(report).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the report and deletes it. Returns an error if one occurs.
+func (c *reports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("reports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *reports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("reports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched report.
+func (c *reports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta2.Report, err error) {
+	result = &v1beta2.Report{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("reports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go
new file mode 100644
index 0000000..998c9c9
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/reports.x-k8s.io/v1beta2/reports.x-k8s.io_client.go
@@ -0,0 +1,111 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"net/http"
+
+	rest "k8s.io/client-go/rest"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	"sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+type ReportsV1beta2Interface interface {
+	RESTClient() rest.Interface
+	ClusterReportsGetter
+	ReportsGetter
+}
+
+// ReportsV1beta2Client is used to interact with features provided by the reports.x-k8s.io group.
+type ReportsV1beta2Client struct {
+	restClient rest.Interface
+}
+
+func (c *ReportsV1beta2Client) ClusterReports() ClusterReportInterface {
+	return newClusterReports(c)
+}
+
+func (c *ReportsV1beta2Client) Reports(namespace string) ReportInterface {
+	return newReports(c, namespace)
+}
+
+// NewForConfig creates a new ReportsV1beta2Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*ReportsV1beta2Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new ReportsV1beta2Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ReportsV1beta2Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
+	if err != nil {
+		return nil, err
+	}
+	return &ReportsV1beta2Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new ReportsV1beta2Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *ReportsV1beta2Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new ReportsV1beta2Client for the given RESTClient.
+func New(c rest.Interface) *ReportsV1beta2Client {
+	return &ReportsV1beta2Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1beta2.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *ReportsV1beta2Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go
new file mode 100644
index 0000000..329ec73
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go
@@ -0,0 +1,167 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface.
+// A group's client should implement this interface.
+type ClusterPolicyReportsGetter interface {
+	ClusterPolicyReports() ClusterPolicyReportInterface
+}
+
+// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources.
+type ClusterPolicyReportInterface interface {
+	Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha1.ClusterPolicyReport, error)
+	Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha1.ClusterPolicyReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ClusterPolicyReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ClusterPolicyReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error)
+	ClusterPolicyReportExpansion
+}
+
+// clusterPolicyReports implements ClusterPolicyReportInterface
+type clusterPolicyReports struct {
+	client rest.Interface
+}
+
+// newClusterPolicyReports returns a ClusterPolicyReports
+func newClusterPolicyReports(c *Wgpolicyk8sV1alpha1Client) *clusterPolicyReports {
+	return &clusterPolicyReports{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+	result = &v1alpha1.ClusterPolicyReport{}
+	err = c.client.Get().
+		Resource("clusterpolicyreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.ClusterPolicyReportList{}
+	err = c.client.Get().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it.  Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+	result = &v1alpha1.ClusterPolicyReport{}
+	err = c.client.Post().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterPolicyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+	result = &v1alpha1.ClusterPolicyReport{}
+	err = c.client.Put().
+		Resource("clusterpolicyreports").
+		Name(clusterPolicyReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterPolicyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clusterpolicyreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clusterpolicyreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) {
+	result = &v1alpha1.ClusterPolicyReport{}
+	err = c.client.Patch(pt).
+		Resource("clusterpolicyreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go
new file mode 100644
index 0000000..5d69c12
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha1
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go
new file mode 100644
index 0000000..3b00159
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go
new file mode 100644
index 0000000..733099a
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_clusterpolicyreport.go
@@ -0,0 +1,120 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+)
+
+// FakeClusterPolicyReports implements ClusterPolicyReportInterface
+type FakeClusterPolicyReports struct {
+	Fake *FakeWgpolicyk8sV1alpha1
+}
+
+var clusterpolicyreportsResource = v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports")
+
+var clusterpolicyreportsKind = v1alpha1.SchemeGroupVersion.WithKind("ClusterPolicyReport")
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.ClusterPolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ClusterPolicyReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha1.ClusterPolicyReportList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.ClusterPolicyReportList{ListMeta: obj.(*v1alpha1.ClusterPolicyReportList).ListMeta}
+	for _, item := range obj.(*v1alpha1.ClusterPolicyReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts))
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it.  Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.ClusterPolicyReport), err
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.ClusterPolicyReport), err
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1alpha1.ClusterPolicyReport{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.ClusterPolicyReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.ClusterPolicyReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go
new file mode 100644
index 0000000..e05f1e5
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_policyreport.go
@@ -0,0 +1,128 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+)
+
+// FakePolicyReports implements PolicyReportInterface
+type FakePolicyReports struct {
+	Fake *FakeWgpolicyk8sV1alpha1
+	ns   string
+}
+
+var policyreportsResource = v1alpha1.SchemeGroupVersion.WithResource("policyreports")
+
+var policyreportsKind = v1alpha1.SchemeGroupVersion.WithKind("PolicyReport")
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha1.PolicyReportList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.PolicyReportList{ListMeta: obj.(*v1alpha1.PolicyReportList).ListMeta}
+	for _, item := range obj.(*v1alpha1.PolicyReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a policyReport and creates it.  Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyReport), err
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyReport), err
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1alpha1.PolicyReport{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.PolicyReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go
new file mode 100644
index 0000000..bf5180f
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/fake/fake_wgpolicyk8s.io_client.go
@@ -0,0 +1,43 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1"
+)
+
+type FakeWgpolicyk8sV1alpha1 struct {
+	*testing.Fake
+}
+
+func (c *FakeWgpolicyk8sV1alpha1) ClusterPolicyReports() v1alpha1.ClusterPolicyReportInterface {
+	return &FakeClusterPolicyReports{c}
+}
+
+func (c *FakeWgpolicyk8sV1alpha1) PolicyReports(namespace string) v1alpha1.PolicyReportInterface {
+	return &FakePolicyReports{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeWgpolicyk8sV1alpha1) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go
new file mode 100644
index 0000000..5f3f1ab
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/generated_expansion.go
@@ -0,0 +1,22 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+type ClusterPolicyReportExpansion interface{}
+
+type PolicyReportExpansion interface{}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go
new file mode 100644
index 0000000..c5e6d80
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/policyreport.go
@@ -0,0 +1,177 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// PolicyReportsGetter has a method to return a PolicyReportInterface.
+// A group's client should implement this interface.
+type PolicyReportsGetter interface {
+	PolicyReports(namespace string) PolicyReportInterface
+}
+
+// PolicyReportInterface has methods to work with PolicyReport resources.
+type PolicyReportInterface interface {
+	Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (*v1alpha1.PolicyReport, error)
+	Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (*v1alpha1.PolicyReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.PolicyReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.PolicyReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error)
+	PolicyReportExpansion
+}
+
+// policyReports implements PolicyReportInterface
+type policyReports struct {
+	client rest.Interface
+	ns     string
+}
+
+// newPolicyReports returns a PolicyReports
+func newPolicyReports(c *Wgpolicyk8sV1alpha1Client, namespace string) *policyReports {
+	return &policyReports{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.PolicyReport, err error) {
+	result = &v1alpha1.PolicyReport{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.PolicyReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.PolicyReportList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a policyReport and creates it.  Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.CreateOptions) (result *v1alpha1.PolicyReport, err error) {
+	result = &v1alpha1.PolicyReport{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(policyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha1.PolicyReport, opts v1.UpdateOptions) (result *v1alpha1.PolicyReport, err error) {
+	result = &v1alpha1.PolicyReport{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(policyReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(policyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.PolicyReport, err error) {
+	result = &v1alpha1.PolicyReport{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go
new file mode 100644
index 0000000..4c01be3
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha1/wgpolicyk8s.io_client.go
@@ -0,0 +1,111 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"net/http"
+
+	rest "k8s.io/client-go/rest"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	"sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+type Wgpolicyk8sV1alpha1Interface interface {
+	RESTClient() rest.Interface
+	ClusterPolicyReportsGetter
+	PolicyReportsGetter
+}
+
+// Wgpolicyk8sV1alpha1Client is used to interact with features provided by the wgpolicyk8s.io group.
+type Wgpolicyk8sV1alpha1Client struct {
+	restClient rest.Interface
+}
+
+func (c *Wgpolicyk8sV1alpha1Client) ClusterPolicyReports() ClusterPolicyReportInterface {
+	return newClusterPolicyReports(c)
+}
+
+func (c *Wgpolicyk8sV1alpha1Client) PolicyReports(namespace string) PolicyReportInterface {
+	return newPolicyReports(c, namespace)
+}
+
+// NewForConfig creates a new Wgpolicyk8sV1alpha1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new Wgpolicyk8sV1alpha1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Wgpolicyk8sV1alpha1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
+	if err != nil {
+		return nil, err
+	}
+	return &Wgpolicyk8sV1alpha1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new Wgpolicyk8sV1alpha1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha1Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new Wgpolicyk8sV1alpha1Client for the given RESTClient.
+func New(c rest.Interface) *Wgpolicyk8sV1alpha1Client {
+	return &Wgpolicyk8sV1alpha1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1alpha1.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *Wgpolicyk8sV1alpha1Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go
new file mode 100644
index 0000000..6f152d4
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go
@@ -0,0 +1,167 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface.
+// A group's client should implement this interface.
+type ClusterPolicyReportsGetter interface {
+	ClusterPolicyReports() ClusterPolicyReportInterface
+}
+
+// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources.
+type ClusterPolicyReportInterface interface {
+	Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (*v1alpha2.ClusterPolicyReport, error)
+	Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (*v1alpha2.ClusterPolicyReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.ClusterPolicyReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.ClusterPolicyReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error)
+	ClusterPolicyReportExpansion
+}
+
+// clusterPolicyReports implements ClusterPolicyReportInterface
+type clusterPolicyReports struct {
+	client rest.Interface
+}
+
+// newClusterPolicyReports returns a ClusterPolicyReports
+func newClusterPolicyReports(c *Wgpolicyk8sV1alpha2Client) *clusterPolicyReports {
+	return &clusterPolicyReports{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+	result = &v1alpha2.ClusterPolicyReport{}
+	err = c.client.Get().
+		Resource("clusterpolicyreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterPolicyReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha2.ClusterPolicyReportList{}
+	err = c.client.Get().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it.  Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+	result = &v1alpha2.ClusterPolicyReport{}
+	err = c.client.Post().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterPolicyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+	result = &v1alpha2.ClusterPolicyReport{}
+	err = c.client.Put().
+		Resource("clusterpolicyreports").
+		Name(clusterPolicyReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterPolicyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clusterpolicyreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clusterpolicyreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) {
+	result = &v1alpha2.ClusterPolicyReport{}
+	err = c.client.Patch(pt).
+		Resource("clusterpolicyreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go
new file mode 100644
index 0000000..35adcce
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha2
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go
new file mode 100644
index 0000000..3b00159
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go
new file mode 100644
index 0000000..e6a98ad
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_clusterpolicyreport.go
@@ -0,0 +1,120 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+)
+
+// FakeClusterPolicyReports implements ClusterPolicyReportInterface
+type FakeClusterPolicyReports struct {
+	Fake *FakeWgpolicyk8sV1alpha2
+}
+
+var clusterpolicyreportsResource = v1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports")
+
+var clusterpolicyreportsKind = v1alpha2.SchemeGroupVersion.WithKind("ClusterPolicyReport")
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1alpha2.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.ClusterPolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.ClusterPolicyReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1alpha2.ClusterPolicyReportList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha2.ClusterPolicyReportList{ListMeta: obj.(*v1alpha2.ClusterPolicyReportList).ListMeta}
+	for _, item := range obj.(*v1alpha2.ClusterPolicyReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts))
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it.  Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.CreateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha2.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.ClusterPolicyReport), err
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1alpha2.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1alpha2.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1alpha2.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.ClusterPolicyReport), err
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1alpha2.ClusterPolicyReport{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha2.ClusterPolicyReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1alpha2.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.ClusterPolicyReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go
new file mode 100644
index 0000000..da5a056
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_policyreport.go
@@ -0,0 +1,128 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+)
+
+// FakePolicyReports implements PolicyReportInterface
+type FakePolicyReports struct {
+	Fake *FakeWgpolicyk8sV1alpha2
+	ns   string
+}
+
+var policyreportsResource = v1alpha2.SchemeGroupVersion.WithResource("policyreports")
+
+var policyreportsKind = v1alpha2.SchemeGroupVersion.WithKind("PolicyReport")
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1alpha2.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.PolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.PolicyReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1alpha2.PolicyReportList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha2.PolicyReportList{ListMeta: obj.(*v1alpha2.PolicyReportList).ListMeta}
+	for _, item := range obj.(*v1alpha2.PolicyReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a policyReport and creates it.  Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (result *v1alpha2.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1alpha2.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.PolicyReport), err
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (result *v1alpha2.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1alpha2.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.PolicyReport), err
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1alpha2.PolicyReport{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1alpha2.PolicyReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1alpha2.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha2.PolicyReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go
new file mode 100644
index 0000000..9ace20b
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/fake/fake_wgpolicyk8s.io_client.go
@@ -0,0 +1,43 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2"
+)
+
+type FakeWgpolicyk8sV1alpha2 struct {
+	*testing.Fake
+}
+
+func (c *FakeWgpolicyk8sV1alpha2) ClusterPolicyReports() v1alpha2.ClusterPolicyReportInterface {
+	return &FakeClusterPolicyReports{c}
+}
+
+func (c *FakeWgpolicyk8sV1alpha2) PolicyReports(namespace string) v1alpha2.PolicyReportInterface {
+	return &FakePolicyReports{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeWgpolicyk8sV1alpha2) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go
new file mode 100644
index 0000000..edf637c
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/generated_expansion.go
@@ -0,0 +1,22 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha2
+
+type ClusterPolicyReportExpansion interface{}
+
+type PolicyReportExpansion interface{}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go
new file mode 100644
index 0000000..57d4a97
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/policyreport.go
@@ -0,0 +1,177 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// PolicyReportsGetter has a method to return a PolicyReportInterface.
+// A group's client should implement this interface.
+type PolicyReportsGetter interface {
+	PolicyReports(namespace string) PolicyReportInterface
+}
+
+// PolicyReportInterface has methods to work with PolicyReport resources.
+type PolicyReportInterface interface {
+	Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (*v1alpha2.PolicyReport, error)
+	Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (*v1alpha2.PolicyReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.PolicyReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.PolicyReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error)
+	PolicyReportExpansion
+}
+
+// policyReports implements PolicyReportInterface
+type policyReports struct {
+	client rest.Interface
+	ns     string
+}
+
+// newPolicyReports returns a PolicyReports
+func newPolicyReports(c *Wgpolicyk8sV1alpha2Client, namespace string) *policyReports {
+	return &policyReports{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.PolicyReport, err error) {
+	result = &v1alpha2.PolicyReport{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.PolicyReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha2.PolicyReportList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a policyReport and creates it.  Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Create(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.CreateOptions) (result *v1alpha2.PolicyReport, err error) {
+	result = &v1alpha2.PolicyReport{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(policyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Update(ctx context.Context, policyReport *v1alpha2.PolicyReport, opts v1.UpdateOptions) (result *v1alpha2.PolicyReport, err error) {
+	result = &v1alpha2.PolicyReport{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(policyReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(policyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.PolicyReport, err error) {
+	result = &v1alpha2.PolicyReport{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go
new file mode 100644
index 0000000..e15e504
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1alpha2/wgpolicyk8s.io_client.go
@@ -0,0 +1,111 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"net/http"
+
+	rest "k8s.io/client-go/rest"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	"sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+type Wgpolicyk8sV1alpha2Interface interface {
+	RESTClient() rest.Interface
+	ClusterPolicyReportsGetter
+	PolicyReportsGetter
+}
+
+// Wgpolicyk8sV1alpha2Client is used to interact with features provided by the wgpolicyk8s.io group.
+type Wgpolicyk8sV1alpha2Client struct {
+	restClient rest.Interface
+}
+
+func (c *Wgpolicyk8sV1alpha2Client) ClusterPolicyReports() ClusterPolicyReportInterface {
+	return newClusterPolicyReports(c)
+}
+
+func (c *Wgpolicyk8sV1alpha2Client) PolicyReports(namespace string) PolicyReportInterface {
+	return newPolicyReports(c, namespace)
+}
+
+// NewForConfig creates a new Wgpolicyk8sV1alpha2Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1alpha2Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new Wgpolicyk8sV1alpha2Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Wgpolicyk8sV1alpha2Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
+	if err != nil {
+		return nil, err
+	}
+	return &Wgpolicyk8sV1alpha2Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new Wgpolicyk8sV1alpha2Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1alpha2Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new Wgpolicyk8sV1alpha2Client for the given RESTClient.
+func New(c rest.Interface) *Wgpolicyk8sV1alpha2Client {
+	return &Wgpolicyk8sV1alpha2Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1alpha2.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *Wgpolicyk8sV1alpha2Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go
new file mode 100644
index 0000000..3e201b2
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go
@@ -0,0 +1,167 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// ClusterPolicyReportsGetter has a method to return a ClusterPolicyReportInterface.
+// A group's client should implement this interface.
+type ClusterPolicyReportsGetter interface {
+	ClusterPolicyReports() ClusterPolicyReportInterface
+}
+
+// ClusterPolicyReportInterface has methods to work with ClusterPolicyReport resources.
+type ClusterPolicyReportInterface interface {
+	Create(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.CreateOptions) (*v1beta1.ClusterPolicyReport, error)
+	Update(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.UpdateOptions) (*v1beta1.ClusterPolicyReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ClusterPolicyReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ClusterPolicyReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterPolicyReport, err error)
+	ClusterPolicyReportExpansion
+}
+
+// clusterPolicyReports implements ClusterPolicyReportInterface
+type clusterPolicyReports struct {
+	client rest.Interface
+}
+
+// newClusterPolicyReports returns a ClusterPolicyReports
+func newClusterPolicyReports(c *Wgpolicyk8sV1beta1Client) *clusterPolicyReports {
+	return &clusterPolicyReports{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *clusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterPolicyReport, err error) {
+	result = &v1beta1.ClusterPolicyReport{}
+	err = c.client.Get().
+		Resource("clusterpolicyreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *clusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ClusterPolicyReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta1.ClusterPolicyReportList{}
+	err = c.client.Get().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *clusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it.  Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta1.ClusterPolicyReport, err error) {
+	result = &v1beta1.ClusterPolicyReport{}
+	err = c.client.Post().
+		Resource("clusterpolicyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterPolicyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *clusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta1.ClusterPolicyReport, err error) {
+	result = &v1beta1.ClusterPolicyReport{}
+	err = c.client.Put().
+		Resource("clusterpolicyreports").
+		Name(clusterPolicyReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterPolicyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *clusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clusterpolicyreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clusterpolicyreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *clusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterPolicyReport, err error) {
+	result = &v1beta1.ClusterPolicyReport{}
+	err = c.client.Patch(pt).
+		Resource("clusterpolicyreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go
new file mode 100644
index 0000000..87e8d20
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1beta1
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go
new file mode 100644
index 0000000..3b00159
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go
new file mode 100644
index 0000000..d4d6a78
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_clusterpolicyreport.go
@@ -0,0 +1,120 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+// FakeClusterPolicyReports implements ClusterPolicyReportInterface
+type FakeClusterPolicyReports struct {
+	Fake *FakeWgpolicyk8sV1beta1
+}
+
+var clusterpolicyreportsResource = v1beta1.SchemeGroupVersion.WithResource("clusterpolicyreports")
+
+var clusterpolicyreportsKind = v1beta1.SchemeGroupVersion.WithKind("ClusterPolicyReport")
+
+// Get takes name of the clusterPolicyReport, and returns the corresponding clusterPolicyReport object, and an error if there is any.
+func (c *FakeClusterPolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clusterpolicyreportsResource, name), &v1beta1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ClusterPolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterPolicyReports that match those selectors.
+func (c *FakeClusterPolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ClusterPolicyReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clusterpolicyreportsResource, clusterpolicyreportsKind, opts), &v1beta1.ClusterPolicyReportList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1beta1.ClusterPolicyReportList{ListMeta: obj.(*v1beta1.ClusterPolicyReportList).ListMeta}
+	for _, item := range obj.(*v1beta1.ClusterPolicyReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterPolicyReports.
+func (c *FakeClusterPolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clusterpolicyreportsResource, opts))
+}
+
+// Create takes the representation of a clusterPolicyReport and creates it.  Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Create(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.CreateOptions) (result *v1beta1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ClusterPolicyReport), err
+}
+
+// Update takes the representation of a clusterPolicyReport and updates it. Returns the server's representation of the clusterPolicyReport, and an error, if there is any.
+func (c *FakeClusterPolicyReports) Update(ctx context.Context, clusterPolicyReport *v1beta1.ClusterPolicyReport, opts v1.UpdateOptions) (result *v1beta1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clusterpolicyreportsResource, clusterPolicyReport), &v1beta1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ClusterPolicyReport), err
+}
+
+// Delete takes name of the clusterPolicyReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterPolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clusterpolicyreportsResource, name, opts), &v1beta1.ClusterPolicyReport{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterPolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clusterpolicyreportsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1beta1.ClusterPolicyReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterPolicyReport.
+func (c *FakeClusterPolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterPolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clusterpolicyreportsResource, name, pt, data, subresources...), &v1beta1.ClusterPolicyReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ClusterPolicyReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go
new file mode 100644
index 0000000..aca1f53
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_policyreport.go
@@ -0,0 +1,128 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+// FakePolicyReports implements PolicyReportInterface
+type FakePolicyReports struct {
+	Fake *FakeWgpolicyk8sV1beta1
+	ns   string
+}
+
+var policyreportsResource = v1beta1.SchemeGroupVersion.WithResource("policyreports")
+
+var policyreportsKind = v1beta1.SchemeGroupVersion.WithKind("PolicyReport")
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *FakePolicyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(policyreportsResource, c.ns, name), &v1beta1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.PolicyReport), err
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *FakePolicyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(policyreportsResource, policyreportsKind, c.ns, opts), &v1beta1.PolicyReportList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1beta1.PolicyReportList{ListMeta: obj.(*v1beta1.PolicyReportList).ListMeta}
+	for _, item := range obj.(*v1beta1.PolicyReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *FakePolicyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(policyreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a policyReport and creates it.  Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Create(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.CreateOptions) (result *v1beta1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(policyreportsResource, c.ns, policyReport), &v1beta1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.PolicyReport), err
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *FakePolicyReports) Update(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.UpdateOptions) (result *v1beta1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(policyreportsResource, c.ns, policyReport), &v1beta1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.PolicyReport), err
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *FakePolicyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(policyreportsResource, c.ns, name, opts), &v1beta1.PolicyReport{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(policyreportsResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1beta1.PolicyReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *FakePolicyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(policyreportsResource, c.ns, name, pt, data, subresources...), &v1beta1.PolicyReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.PolicyReport), err
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go
new file mode 100644
index 0000000..d9b0e3e
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/fake/fake_wgpolicyk8s.io_client.go
@@ -0,0 +1,43 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1"
+)
+
+type FakeWgpolicyk8sV1beta1 struct {
+	*testing.Fake
+}
+
+func (c *FakeWgpolicyk8sV1beta1) ClusterPolicyReports() v1beta1.ClusterPolicyReportInterface {
+	return &FakeClusterPolicyReports{c}
+}
+
+func (c *FakeWgpolicyk8sV1beta1) PolicyReports(namespace string) v1beta1.PolicyReportInterface {
+	return &FakePolicyReports{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeWgpolicyk8sV1beta1) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go
new file mode 100644
index 0000000..882554f
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/generated_expansion.go
@@ -0,0 +1,22 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+type ClusterPolicyReportExpansion interface{}
+
+type PolicyReportExpansion interface{}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go
new file mode 100644
index 0000000..e03a3a6
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/policyreport.go
@@ -0,0 +1,177 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+	scheme "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+// PolicyReportsGetter has a method to return a PolicyReportInterface.
+// A group's client should implement this interface.
+type PolicyReportsGetter interface {
+	PolicyReports(namespace string) PolicyReportInterface
+}
+
+// PolicyReportInterface has methods to work with PolicyReport resources.
+type PolicyReportInterface interface {
+	Create(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.CreateOptions) (*v1beta1.PolicyReport, error)
+	Update(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.UpdateOptions) (*v1beta1.PolicyReport, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.PolicyReport, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta1.PolicyReportList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyReport, err error)
+	PolicyReportExpansion
+}
+
+// policyReports implements PolicyReportInterface
+type policyReports struct {
+	client rest.Interface
+	ns     string
+}
+
+// newPolicyReports returns a PolicyReports
+func newPolicyReports(c *Wgpolicyk8sV1beta1Client, namespace string) *policyReports {
+	return &policyReports{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the policyReport, and returns the corresponding policyReport object, and an error if there is any.
+func (c *policyReports) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PolicyReport, err error) {
+	result = &v1beta1.PolicyReport{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of PolicyReports that match those selectors.
+func (c *policyReports) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PolicyReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta1.PolicyReportList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policyReports.
+func (c *policyReports) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a policyReport and creates it.  Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Create(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.CreateOptions) (result *v1beta1.PolicyReport, err error) {
+	result = &v1beta1.PolicyReport{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(policyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policyReport and updates it. Returns the server's representation of the policyReport, and an error, if there is any.
+func (c *policyReports) Update(ctx context.Context, policyReport *v1beta1.PolicyReport, opts v1.UpdateOptions) (result *v1beta1.PolicyReport, err error) {
+	result = &v1beta1.PolicyReport{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(policyReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(policyReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the policyReport and deletes it. Returns an error if one occurs.
+func (c *policyReports) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policyReports) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("policyreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched policyReport.
+func (c *policyReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PolicyReport, err error) {
+	result = &v1beta1.PolicyReport{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("policyreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go
new file mode 100644
index 0000000..67d1479
--- /dev/null
+++ b/policy-report/pkg/client/clientset/versioned/typed/wgpolicyk8s.io/v1beta1/wgpolicyk8s.io_client.go
@@ -0,0 +1,111 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"net/http"
+
+	rest "k8s.io/client-go/rest"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+	"sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned/scheme"
+)
+
+type Wgpolicyk8sV1beta1Interface interface {
+	RESTClient() rest.Interface
+	ClusterPolicyReportsGetter
+	PolicyReportsGetter
+}
+
+// Wgpolicyk8sV1beta1Client is used to interact with features provided by the wgpolicyk8s.io group.
+type Wgpolicyk8sV1beta1Client struct {
+	restClient rest.Interface
+}
+
+func (c *Wgpolicyk8sV1beta1Client) ClusterPolicyReports() ClusterPolicyReportInterface {
+	return newClusterPolicyReports(c)
+}
+
+func (c *Wgpolicyk8sV1beta1Client) PolicyReports(namespace string) PolicyReportInterface {
+	return newPolicyReports(c, namespace)
+}
+
+// NewForConfig creates a new Wgpolicyk8sV1beta1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*Wgpolicyk8sV1beta1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new Wgpolicyk8sV1beta1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*Wgpolicyk8sV1beta1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
+	if err != nil {
+		return nil, err
+	}
+	return &Wgpolicyk8sV1beta1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new Wgpolicyk8sV1beta1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *Wgpolicyk8sV1beta1Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new Wgpolicyk8sV1beta1Client for the given RESTClient.
+func New(c rest.Interface) *Wgpolicyk8sV1beta1Client {
+	return &Wgpolicyk8sV1beta1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1beta1.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *Wgpolicyk8sV1beta1Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}
diff --git a/policy-report/pkg/client/informers/externalversions/factory.go b/policy-report/pkg/client/informers/externalversions/factory.go
new file mode 100644
index 0000000..bae0a62
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/factory.go
@@ -0,0 +1,266 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package externalversions
+
+import (
+	reflect "reflect"
+	sync "sync"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	cache "k8s.io/client-go/tools/cache"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	reportsxk8sio "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io"
+	wgpolicyk8sio "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io"
+)
+
+// SharedInformerOption defines the functional option type for SharedInformerFactory.
+type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
+
+type sharedInformerFactory struct {
+	client           versioned.Interface
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	lock             sync.Mutex
+	defaultResync    time.Duration
+	customResync     map[reflect.Type]time.Duration
+	transform        cache.TransformFunc
+
+	informers map[reflect.Type]cache.SharedIndexInformer
+	// startedInformers is used for tracking which informers have been started.
+	// This allows Start() to be called multiple times safely.
+	startedInformers map[reflect.Type]bool
+	// wg tracks how many goroutines were started.
+	wg sync.WaitGroup
+	// shuttingDown is true when Shutdown has been called. It may still be running
+	// because it needs to wait for goroutines.
+	shuttingDown bool
+}
+
+// WithCustomResyncConfig sets a custom resync period for the specified informer types.
+func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
+	return func(factory *sharedInformerFactory) *sharedInformerFactory {
+		for k, v := range resyncConfig {
+			factory.customResync[reflect.TypeOf(k)] = v
+		}
+		return factory
+	}
+}
+
+// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
+func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
+	return func(factory *sharedInformerFactory) *sharedInformerFactory {
+		factory.tweakListOptions = tweakListOptions
+		return factory
+	}
+}
+
+// WithNamespace limits the SharedInformerFactory to the specified namespace.
+func WithNamespace(namespace string) SharedInformerOption {
+	return func(factory *sharedInformerFactory) *sharedInformerFactory {
+		factory.namespace = namespace
+		return factory
+	}
+}
+
+// WithTransform sets a transform on all informers.
+func WithTransform(transform cache.TransformFunc) SharedInformerOption {
+	return func(factory *sharedInformerFactory) *sharedInformerFactory {
+		factory.transform = transform
+		return factory
+	}
+}
+
+// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
+func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory {
+	return NewSharedInformerFactoryWithOptions(client, defaultResync)
+}
+
+// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
+// Listers obtained via this SharedInformerFactory will be subject to the same filters
+// as specified here.
+// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
+func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
+	return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
+}
+
+// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
+func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
+	factory := &sharedInformerFactory{
+		client:           client,
+		namespace:        v1.NamespaceAll,
+		defaultResync:    defaultResync,
+		informers:        make(map[reflect.Type]cache.SharedIndexInformer),
+		startedInformers: make(map[reflect.Type]bool),
+		customResync:     make(map[reflect.Type]time.Duration),
+	}
+
+	// Apply all options
+	for _, opt := range options {
+		factory = opt(factory)
+	}
+
+	return factory
+}
+
+func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) {
+	f.lock.Lock()
+	defer f.lock.Unlock()
+
+	if f.shuttingDown {
+		return
+	}
+
+	for informerType, informer := range f.informers {
+		if !f.startedInformers[informerType] {
+			f.wg.Add(1)
+			// We need a new variable in each loop iteration,
+			// otherwise the goroutine would use the loop variable
+			// and that keeps changing.
+			informer := informer
+			go func() {
+				defer f.wg.Done()
+				informer.Run(stopCh)
+			}()
+			f.startedInformers[informerType] = true
+		}
+	}
+}
+
+func (f *sharedInformerFactory) Shutdown() {
+	f.lock.Lock()
+	f.shuttingDown = true
+	f.lock.Unlock()
+
+	// Will return immediately if there is nothing to wait for.
+	f.wg.Wait()
+}
+
+func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool {
+	informers := func() map[reflect.Type]cache.SharedIndexInformer {
+		f.lock.Lock()
+		defer f.lock.Unlock()
+
+		informers := map[reflect.Type]cache.SharedIndexInformer{}
+		for informerType, informer := range f.informers {
+			if f.startedInformers[informerType] {
+				informers[informerType] = informer
+			}
+		}
+		return informers
+	}()
+
+	res := map[reflect.Type]bool{}
+	for informType, informer := range informers {
+		res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced)
+	}
+	return res
+}
+
+// InformerFor returns the SharedIndexInformer for obj using an internal
+// client.
+func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer {
+	f.lock.Lock()
+	defer f.lock.Unlock()
+
+	informerType := reflect.TypeOf(obj)
+	informer, exists := f.informers[informerType]
+	if exists {
+		return informer
+	}
+
+	resyncPeriod, exists := f.customResync[informerType]
+	if !exists {
+		resyncPeriod = f.defaultResync
+	}
+
+	informer = newFunc(f.client, resyncPeriod)
+	informer.SetTransform(f.transform)
+	f.informers[informerType] = informer
+
+	return informer
+}
+
+// SharedInformerFactory provides shared informers for resources in all known
+// API group versions.
+//
+// It is typically used like this:
+//
+//	ctx, cancel := context.Background()
+//	defer cancel()
+//	factory := NewSharedInformerFactory(client, resyncPeriod)
+//	defer factory.WaitForStop()    // Returns immediately if nothing was started.
+//	genericInformer := factory.ForResource(resource)
+//	typedInformer := factory.SomeAPIGroup().V1().SomeType()
+//	factory.Start(ctx.Done())          // Start processing these informers.
+//	synced := factory.WaitForCacheSync(ctx.Done())
+//	for v, ok := range synced {
+//	    if !ok {
+//	        fmt.Fprintf(os.Stderr, "caches failed to sync: %v", v)
+//	        return
+//	    }
+//	}
+//
+//	// Creating informers can also be created after Start, but then
+//	// Start must be called again:
+//	anotherGenericInformer := factory.ForResource(resource)
+//	factory.Start(ctx.Done())
+type SharedInformerFactory interface {
+	internalinterfaces.SharedInformerFactory
+
+	// Start initializes all requested informers. They are handled in goroutines
+	// which run until the stop channel gets closed.
+	Start(stopCh <-chan struct{})
+
+	// Shutdown marks a factory as shutting down. At that point no new
+	// informers can be started anymore and Start will return without
+	// doing anything.
+	//
+	// In addition, Shutdown blocks until all goroutines have terminated. For that
+	// to happen, the close channel(s) that they were started with must be closed,
+	// either before Shutdown gets called or while it is waiting.
+	//
+	// Shutdown may be called multiple times, even concurrently. All such calls will
+	// block until all goroutines have terminated.
+	Shutdown()
+
+	// WaitForCacheSync blocks until all started informers' caches were synced
+	// or the stop channel gets closed.
+	WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
+
+	// ForResource gives generic access to a shared informer of the matching type.
+	ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
+
+	// InformerFor returns the SharedIndexInformer for obj using an internal
+	// client.
+	InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer
+
+	Reports() reportsxk8sio.Interface
+	Wgpolicyk8s() wgpolicyk8sio.Interface
+}
+
+func (f *sharedInformerFactory) Reports() reportsxk8sio.Interface {
+	return reportsxk8sio.New(f, f.namespace, f.tweakListOptions)
+}
+
+func (f *sharedInformerFactory) Wgpolicyk8s() wgpolicyk8sio.Interface {
+	return wgpolicyk8sio.New(f, f.namespace, f.tweakListOptions)
+}
diff --git a/policy-report/pkg/client/informers/externalversions/generic.go b/policy-report/pkg/client/informers/externalversions/generic.go
new file mode 100644
index 0000000..7279c92
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/generic.go
@@ -0,0 +1,84 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package externalversions
+
+import (
+	"fmt"
+
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	cache "k8s.io/client-go/tools/cache"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+// GenericInformer is type of SharedIndexInformer which will locate and delegate to other
+// sharedInformers based on type
+type GenericInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() cache.GenericLister
+}
+
+type genericInformer struct {
+	informer cache.SharedIndexInformer
+	resource schema.GroupResource
+}
+
+// Informer returns the SharedIndexInformer.
+func (f *genericInformer) Informer() cache.SharedIndexInformer {
+	return f.informer
+}
+
+// Lister returns the GenericLister.
+func (f *genericInformer) Lister() cache.GenericLister {
+	return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource)
+}
+
+// ForResource gives generic access to a shared informer of the matching type
+// TODO extend this to unknown resources with a client pool
+func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
+	switch resource {
+	// Group=reports.x-k8s.io, Version=v1beta2
+	case v1beta2.SchemeGroupVersion.WithResource("clusterreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().ClusterReports().Informer()}, nil
+	case v1beta2.SchemeGroupVersion.WithResource("reports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1beta2().Reports().Informer()}, nil
+
+		// Group=wgpolicyk8s.io, Version=v1alpha1
+	case v1alpha1.SchemeGroupVersion.WithResource("clusterpolicyreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha1().ClusterPolicyReports().Informer()}, nil
+	case v1alpha1.SchemeGroupVersion.WithResource("policyreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha1().PolicyReports().Informer()}, nil
+
+		// Group=wgpolicyk8s.io, Version=v1alpha2
+	case v1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().ClusterPolicyReports().Informer()}, nil
+	case v1alpha2.SchemeGroupVersion.WithResource("policyreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().PolicyReports().Informer()}, nil
+
+		// Group=wgpolicyk8s.io, Version=v1beta1
+	case v1beta1.SchemeGroupVersion.WithResource("clusterpolicyreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1beta1().ClusterPolicyReports().Informer()}, nil
+	case v1beta1.SchemeGroupVersion.WithResource("policyreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1beta1().PolicyReports().Informer()}, nil
+
+	}
+
+	return nil, fmt.Errorf("no informer found for %v", resource)
+}
diff --git a/policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go b/policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go
new file mode 100644
index 0000000..10bdf24
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go
@@ -0,0 +1,39 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package internalinterfaces
+
+import (
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	cache "k8s.io/client-go/tools/cache"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+)
+
+// NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer.
+type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer
+
+// SharedInformerFactory a small interface to allow for adding an informer without an import cycle
+type SharedInformerFactory interface {
+	Start(stopCh <-chan struct{})
+	InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer
+}
+
+// TweakListOptionsFunc is a function that transforms a v1.ListOptions.
+type TweakListOptionsFunc func(*v1.ListOptions)
diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go
new file mode 100644
index 0000000..894afcb
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/interface.go
@@ -0,0 +1,45 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package reports
+
+import (
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+	// V1beta2 provides access to shared informers for resources in V1beta2.
+	V1beta2() v1beta2.Interface
+}
+
+type group struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1beta2 returns a new v1beta2.Interface.
+func (g *group) V1beta2() v1beta2.Interface {
+	return v1beta2.New(g.factory, g.namespace, g.tweakListOptions)
+}
diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterreport.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterreport.go
new file mode 100644
index 0000000..eed303d
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/clusterreport.go
@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	reportsxk8siov1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2"
+)
+
+// ClusterReportInformer provides access to a shared informer and lister for
+// ClusterReports.
+type ClusterReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta2.ClusterReportLister
+}
+
+type clusterReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterReportInformer constructs a new informer for ClusterReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterReportInformer constructs a new informer for ClusterReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1beta2().ClusterReports().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1beta2().ClusterReports().Watch(context.TODO(), options)
+			},
+		},
+		&reportsxk8siov1beta2.ClusterReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&reportsxk8siov1beta2.ClusterReport{}, f.defaultInformer)
+}
+
+func (f *clusterReportInformer) Lister() v1beta2.ClusterReportLister {
+	return v1beta2.NewClusterReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go
new file mode 100644
index 0000000..3069237
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/interface.go
@@ -0,0 +1,51 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// ClusterReports returns a ClusterReportInformer.
+	ClusterReports() ClusterReportInformer
+	// Reports returns a ReportInformer.
+	Reports() ReportInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ClusterReports returns a ClusterReportInformer.
+func (v *version) ClusterReports() ClusterReportInformer {
+	return &clusterReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// Reports returns a ReportInformer.
+func (v *version) Reports() ReportInformer {
+	return &reportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/report.go b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/report.go
new file mode 100644
index 0000000..7a229d9
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/reports.x-k8s.io/v1beta2/report.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	reportsxk8siov1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2"
+)
+
+// ReportInformer provides access to a shared informer and lister for
+// Reports.
+type ReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta2.ReportLister
+}
+
+type reportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewReportInformer constructs a new informer for Report type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredReportInformer constructs a new informer for Report type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1beta2().Reports(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1beta2().Reports(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&reportsxk8siov1beta2.Report{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *reportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *reportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&reportsxk8siov1beta2.Report{}, f.defaultInformer)
+}
+
+func (f *reportInformer) Lister() v1beta2.ReportLister {
+	return v1beta2.NewReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go
new file mode 100644
index 0000000..2cafcf7
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/interface.go
@@ -0,0 +1,61 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package wgpolicyk8s
+
+import (
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+	// V1alpha1 provides access to shared informers for resources in V1alpha1.
+	V1alpha1() v1alpha1.Interface
+	// V1alpha2 provides access to shared informers for resources in V1alpha2.
+	V1alpha2() v1alpha2.Interface
+	// V1beta1 provides access to shared informers for resources in V1beta1.
+	V1beta1() v1beta1.Interface
+}
+
+type group struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1alpha1 returns a new v1alpha1.Interface.
+func (g *group) V1alpha1() v1alpha1.Interface {
+	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+}
+
+// V1alpha2 returns a new v1alpha2.Interface.
+func (g *group) V1alpha2() v1alpha2.Interface {
+	return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions)
+}
+
+// V1beta1 returns a new v1beta1.Interface.
+func (g *group) V1beta1() v1beta1.Interface {
+	return v1beta1.New(g.factory, g.namespace, g.tweakListOptions)
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go
new file mode 100644
index 0000000..7eb1b40
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go
@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	wgpolicyk8siov1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1"
+)
+
+// ClusterPolicyReportInformer provides access to a shared informer and lister for
+// ClusterPolicyReports.
+type ClusterPolicyReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.ClusterPolicyReportLister
+}
+
+type clusterPolicyReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha1().ClusterPolicyReports().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha1().ClusterPolicyReports().Watch(context.TODO(), options)
+			},
+		},
+		&wgpolicyk8siov1alpha1.ClusterPolicyReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&wgpolicyk8siov1alpha1.ClusterPolicyReport{}, f.defaultInformer)
+}
+
+func (f *clusterPolicyReportInformer) Lister() v1alpha1.ClusterPolicyReportLister {
+	return v1alpha1.NewClusterPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go
new file mode 100644
index 0000000..12f4355
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/interface.go
@@ -0,0 +1,51 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+	ClusterPolicyReports() ClusterPolicyReportInformer
+	// PolicyReports returns a PolicyReportInformer.
+	PolicyReports() PolicyReportInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer {
+	return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// PolicyReports returns a PolicyReportInformer.
+func (v *version) PolicyReports() PolicyReportInformer {
+	return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go
new file mode 100644
index 0000000..1f4fc40
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha1/policyreport.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	wgpolicyk8siov1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1"
+)
+
+// PolicyReportInformer provides access to a shared informer and lister for
+// PolicyReports.
+type PolicyReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.PolicyReportLister
+}
+
+type policyReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha1().PolicyReports(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha1().PolicyReports(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&wgpolicyk8siov1alpha1.PolicyReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&wgpolicyk8siov1alpha1.PolicyReport{}, f.defaultInformer)
+}
+
+func (f *policyReportInformer) Lister() v1alpha1.PolicyReportLister {
+	return v1alpha1.NewPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go
new file mode 100644
index 0000000..9b40ce9
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go
@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	wgpolicyk8siov1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2"
+)
+
+// ClusterPolicyReportInformer provides access to a shared informer and lister for
+// ClusterPolicyReports.
+type ClusterPolicyReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha2.ClusterPolicyReportLister
+}
+
+type clusterPolicyReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Watch(context.TODO(), options)
+			},
+		},
+		&wgpolicyk8siov1alpha2.ClusterPolicyReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&wgpolicyk8siov1alpha2.ClusterPolicyReport{}, f.defaultInformer)
+}
+
+func (f *clusterPolicyReportInformer) Lister() v1alpha2.ClusterPolicyReportLister {
+	return v1alpha2.NewClusterPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go
new file mode 100644
index 0000000..7a9ee6b
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/interface.go
@@ -0,0 +1,51 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+	ClusterPolicyReports() ClusterPolicyReportInformer
+	// PolicyReports returns a PolicyReportInformer.
+	PolicyReports() PolicyReportInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer {
+	return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// PolicyReports returns a PolicyReportInformer.
+func (v *version) PolicyReports() PolicyReportInformer {
+	return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go
new file mode 100644
index 0000000..b725803
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1alpha2/policyreport.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	wgpolicyk8siov1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2"
+)
+
+// PolicyReportInformer provides access to a shared informer and lister for
+// PolicyReports.
+type PolicyReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha2.PolicyReportLister
+}
+
+type policyReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha2().PolicyReports(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1alpha2().PolicyReports(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&wgpolicyk8siov1alpha2.PolicyReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&wgpolicyk8siov1alpha2.PolicyReport{}, f.defaultInformer)
+}
+
+func (f *policyReportInformer) Lister() v1alpha2.PolicyReportLister {
+	return v1alpha2.NewPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go
new file mode 100644
index 0000000..6866832
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go
@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	wgpolicyk8siov1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1"
+)
+
+// ClusterPolicyReportInformer provides access to a shared informer and lister for
+// ClusterPolicyReports.
+type ClusterPolicyReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta1.ClusterPolicyReportLister
+}
+
+type clusterPolicyReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterPolicyReportInformer constructs a new informer for ClusterPolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterPolicyReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1beta1().ClusterPolicyReports().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1beta1().ClusterPolicyReports().Watch(context.TODO(), options)
+			},
+		},
+		&wgpolicyk8siov1beta1.ClusterPolicyReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterPolicyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterPolicyReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterPolicyReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&wgpolicyk8siov1beta1.ClusterPolicyReport{}, f.defaultInformer)
+}
+
+func (f *clusterPolicyReportInformer) Lister() v1beta1.ClusterPolicyReportLister {
+	return v1beta1.NewClusterPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go
new file mode 100644
index 0000000..854118e
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/interface.go
@@ -0,0 +1,51 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+	ClusterPolicyReports() ClusterPolicyReportInformer
+	// PolicyReports returns a PolicyReportInformer.
+	PolicyReports() PolicyReportInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ClusterPolicyReports returns a ClusterPolicyReportInformer.
+func (v *version) ClusterPolicyReports() ClusterPolicyReportInformer {
+	return &clusterPolicyReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// PolicyReports returns a PolicyReportInformer.
+func (v *version) PolicyReports() PolicyReportInformer {
+	return &policyReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go
new file mode 100644
index 0000000..884d835
--- /dev/null
+++ b/policy-report/pkg/client/informers/externalversions/wgpolicyk8s.io/v1beta1/policyreport.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	time "time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+	wgpolicyk8siov1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+	versioned "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/clientset/versioned"
+	internalinterfaces "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/informers/externalversions/internalinterfaces"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1"
+)
+
+// PolicyReportInformer provides access to a shared informer and lister for
+// PolicyReports.
+type PolicyReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta1.PolicyReportLister
+}
+
+type policyReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyReportInformer constructs a new informer for PolicyReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1beta1().PolicyReports(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.Wgpolicyk8sV1beta1().PolicyReports(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&wgpolicyk8siov1beta1.PolicyReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&wgpolicyk8siov1beta1.PolicyReport{}, f.defaultInformer)
+}
+
+func (f *policyReportInformer) Lister() v1beta1.PolicyReportLister {
+	return v1beta1.NewPolicyReportLister(f.Informer().GetIndexer())
+}
diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go
new file mode 100644
index 0000000..38eb371
--- /dev/null
+++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/clusterreport.go
@@ -0,0 +1,67 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+)
+
+// ClusterReportLister helps list ClusterReports.
+// All objects returned here must be treated as read-only.
+type ClusterReportLister interface {
+	// List lists all ClusterReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta2.ClusterReport, err error)
+	// Get retrieves the ClusterReport from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1beta2.ClusterReport, error)
+	ClusterReportListerExpansion
+}
+
+// clusterReportLister implements the ClusterReportLister interface.
+type clusterReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterReportLister returns a new ClusterReportLister.
+func NewClusterReportLister(indexer cache.Indexer) ClusterReportLister {
+	return &clusterReportLister{indexer: indexer}
+}
+
+// List lists all ClusterReports in the indexer.
+func (s *clusterReportLister) List(selector labels.Selector) (ret []*v1beta2.ClusterReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta2.ClusterReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterReport from the index for a given name.
+func (s *clusterReportLister) Get(name string) (*v1beta2.ClusterReport, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta2.Resource("clusterreport"), name)
+	}
+	return obj.(*v1beta2.ClusterReport), nil
+}
diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go
new file mode 100644
index 0000000..3dfd739
--- /dev/null
+++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/expansion_generated.go
@@ -0,0 +1,30 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta2
+
+// ClusterReportListerExpansion allows custom methods to be added to
+// ClusterReportLister.
+type ClusterReportListerExpansion interface{}
+
+// ReportListerExpansion allows custom methods to be added to
+// ReportLister.
+type ReportListerExpansion interface{}
+
+// ReportNamespaceListerExpansion allows custom methods to be added to
+// ReportNamespaceLister.
+type ReportNamespaceListerExpansion interface{}
diff --git a/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go
new file mode 100644
index 0000000..630f81b
--- /dev/null
+++ b/policy-report/pkg/client/listers/reports.x-k8s.io/v1beta2/report.go
@@ -0,0 +1,98 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1beta2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/reports.x-k8s.io/v1beta2"
+)
+
+// ReportLister helps list Reports.
+// All objects returned here must be treated as read-only.
+type ReportLister interface {
+	// List lists all Reports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta2.Report, err error)
+	// Reports returns an object that can list and get Reports.
+	Reports(namespace string) ReportNamespaceLister
+	ReportListerExpansion
+}
+
+// reportLister implements the ReportLister interface.
+type reportLister struct {
+	indexer cache.Indexer
+}
+
+// NewReportLister returns a new ReportLister.
+func NewReportLister(indexer cache.Indexer) ReportLister {
+	return &reportLister{indexer: indexer}
+}
+
+// List lists all Reports in the indexer.
+func (s *reportLister) List(selector labels.Selector) (ret []*v1beta2.Report, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta2.Report))
+	})
+	return ret, err
+}
+
+// Reports returns an object that can list and get Reports.
+func (s *reportLister) Reports(namespace string) ReportNamespaceLister {
+	return reportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// ReportNamespaceLister helps list and get Reports.
+// All objects returned here must be treated as read-only.
+type ReportNamespaceLister interface {
+	// List lists all Reports in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta2.Report, err error)
+	// Get retrieves the Report from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1beta2.Report, error)
+	ReportNamespaceListerExpansion
+}
+
+// reportNamespaceLister implements the ReportNamespaceLister
+// interface.
+type reportNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all Reports in the indexer for a given namespace.
+func (s reportNamespaceLister) List(selector labels.Selector) (ret []*v1beta2.Report, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta2.Report))
+	})
+	return ret, err
+}
+
+// Get retrieves the Report from the indexer for a given namespace and name.
+func (s reportNamespaceLister) Get(name string) (*v1beta2.Report, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta2.Resource("report"), name)
+	}
+	return obj.(*v1beta2.Report), nil
+}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go
new file mode 100644
index 0000000..24f720a
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/clusterpolicyreport.go
@@ -0,0 +1,67 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+)
+
+// ClusterPolicyReportLister helps list ClusterPolicyReports.
+// All objects returned here must be treated as read-only.
+type ClusterPolicyReportLister interface {
+	// List lists all ClusterPolicyReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error)
+	// Get retrieves the ClusterPolicyReport from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha1.ClusterPolicyReport, error)
+	ClusterPolicyReportListerExpansion
+}
+
+// clusterPolicyReportLister implements the ClusterPolicyReportLister interface.
+type clusterPolicyReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister.
+func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister {
+	return &clusterPolicyReportLister{indexer: indexer}
+}
+
+// List lists all ClusterPolicyReports in the indexer.
+func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha1.ClusterPolicyReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.ClusterPolicyReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterPolicyReport from the index for a given name.
+func (s *clusterPolicyReportLister) Get(name string) (*v1alpha1.ClusterPolicyReport, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("clusterpolicyreport"), name)
+	}
+	return obj.(*v1alpha1.ClusterPolicyReport), nil
+}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go
new file mode 100644
index 0000000..4febc20
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/expansion_generated.go
@@ -0,0 +1,30 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// ClusterPolicyReportListerExpansion allows custom methods to be added to
+// ClusterPolicyReportLister.
+type ClusterPolicyReportListerExpansion interface{}
+
+// PolicyReportListerExpansion allows custom methods to be added to
+// PolicyReportLister.
+type PolicyReportListerExpansion interface{}
+
+// PolicyReportNamespaceListerExpansion allows custom methods to be added to
+// PolicyReportNamespaceLister.
+type PolicyReportNamespaceListerExpansion interface{}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go
new file mode 100644
index 0000000..630052b
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha1/policyreport.go
@@ -0,0 +1,98 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1alpha1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha1"
+)
+
+// PolicyReportLister helps list PolicyReports.
+// All objects returned here must be treated as read-only.
+type PolicyReportLister interface {
+	// List lists all PolicyReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error)
+	// PolicyReports returns an object that can list and get PolicyReports.
+	PolicyReports(namespace string) PolicyReportNamespaceLister
+	PolicyReportListerExpansion
+}
+
+// policyReportLister implements the PolicyReportLister interface.
+type policyReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewPolicyReportLister returns a new PolicyReportLister.
+func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister {
+	return &policyReportLister{indexer: indexer}
+}
+
+// List lists all PolicyReports in the indexer.
+func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.PolicyReport))
+	})
+	return ret, err
+}
+
+// PolicyReports returns an object that can list and get PolicyReports.
+func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister {
+	return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// PolicyReportNamespaceLister helps list and get PolicyReports.
+// All objects returned here must be treated as read-only.
+type PolicyReportNamespaceLister interface {
+	// List lists all PolicyReports in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error)
+	// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha1.PolicyReport, error)
+	PolicyReportNamespaceListerExpansion
+}
+
+// policyReportNamespaceLister implements the PolicyReportNamespaceLister
+// interface.
+type policyReportNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all PolicyReports in the indexer for a given namespace.
+func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.PolicyReport, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha1.PolicyReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+func (s policyReportNamespaceLister) Get(name string) (*v1alpha1.PolicyReport, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha1.Resource("policyreport"), name)
+	}
+	return obj.(*v1alpha1.PolicyReport), nil
+}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go
new file mode 100644
index 0000000..ecf0817
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/clusterpolicyreport.go
@@ -0,0 +1,67 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+)
+
+// ClusterPolicyReportLister helps list ClusterPolicyReports.
+// All objects returned here must be treated as read-only.
+type ClusterPolicyReportLister interface {
+	// List lists all ClusterPolicyReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha2.ClusterPolicyReport, err error)
+	// Get retrieves the ClusterPolicyReport from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha2.ClusterPolicyReport, error)
+	ClusterPolicyReportListerExpansion
+}
+
+// clusterPolicyReportLister implements the ClusterPolicyReportLister interface.
+type clusterPolicyReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister.
+func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister {
+	return &clusterPolicyReportLister{indexer: indexer}
+}
+
+// List lists all ClusterPolicyReports in the indexer.
+func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1alpha2.ClusterPolicyReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha2.ClusterPolicyReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterPolicyReport from the index for a given name.
+func (s *clusterPolicyReportLister) Get(name string) (*v1alpha2.ClusterPolicyReport, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha2.Resource("clusterpolicyreport"), name)
+	}
+	return obj.(*v1alpha2.ClusterPolicyReport), nil
+}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go
new file mode 100644
index 0000000..697c49c
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/expansion_generated.go
@@ -0,0 +1,30 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha2
+
+// ClusterPolicyReportListerExpansion allows custom methods to be added to
+// ClusterPolicyReportLister.
+type ClusterPolicyReportListerExpansion interface{}
+
+// PolicyReportListerExpansion allows custom methods to be added to
+// PolicyReportLister.
+type PolicyReportListerExpansion interface{}
+
+// PolicyReportNamespaceListerExpansion allows custom methods to be added to
+// PolicyReportNamespaceLister.
+type PolicyReportNamespaceListerExpansion interface{}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go
new file mode 100644
index 0000000..cf145de
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1alpha2/policyreport.go
@@ -0,0 +1,98 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha2
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1alpha2 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1alpha2"
+)
+
+// PolicyReportLister helps list PolicyReports.
+// All objects returned here must be treated as read-only.
+type PolicyReportLister interface {
+	// List lists all PolicyReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error)
+	// PolicyReports returns an object that can list and get PolicyReports.
+	PolicyReports(namespace string) PolicyReportNamespaceLister
+	PolicyReportListerExpansion
+}
+
+// policyReportLister implements the PolicyReportLister interface.
+type policyReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewPolicyReportLister returns a new PolicyReportLister.
+func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister {
+	return &policyReportLister{indexer: indexer}
+}
+
+// List lists all PolicyReports in the indexer.
+func (s *policyReportLister) List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha2.PolicyReport))
+	})
+	return ret, err
+}
+
+// PolicyReports returns an object that can list and get PolicyReports.
+func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister {
+	return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// PolicyReportNamespaceLister helps list and get PolicyReports.
+// All objects returned here must be treated as read-only.
+type PolicyReportNamespaceLister interface {
+	// List lists all PolicyReports in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error)
+	// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1alpha2.PolicyReport, error)
+	PolicyReportNamespaceListerExpansion
+}
+
+// policyReportNamespaceLister implements the PolicyReportNamespaceLister
+// interface.
+type policyReportNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all PolicyReports in the indexer for a given namespace.
+func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1alpha2.PolicyReport, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1alpha2.PolicyReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+func (s policyReportNamespaceLister) Get(name string) (*v1alpha2.PolicyReport, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1alpha2.Resource("policyreport"), name)
+	}
+	return obj.(*v1alpha2.PolicyReport), nil
+}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go
new file mode 100644
index 0000000..535a54c
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/clusterpolicyreport.go
@@ -0,0 +1,67 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+// ClusterPolicyReportLister helps list ClusterPolicyReports.
+// All objects returned here must be treated as read-only.
+type ClusterPolicyReportLister interface {
+	// List lists all ClusterPolicyReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta1.ClusterPolicyReport, err error)
+	// Get retrieves the ClusterPolicyReport from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1beta1.ClusterPolicyReport, error)
+	ClusterPolicyReportListerExpansion
+}
+
+// clusterPolicyReportLister implements the ClusterPolicyReportLister interface.
+type clusterPolicyReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterPolicyReportLister returns a new ClusterPolicyReportLister.
+func NewClusterPolicyReportLister(indexer cache.Indexer) ClusterPolicyReportLister {
+	return &clusterPolicyReportLister{indexer: indexer}
+}
+
+// List lists all ClusterPolicyReports in the indexer.
+func (s *clusterPolicyReportLister) List(selector labels.Selector) (ret []*v1beta1.ClusterPolicyReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta1.ClusterPolicyReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterPolicyReport from the index for a given name.
+func (s *clusterPolicyReportLister) Get(name string) (*v1beta1.ClusterPolicyReport, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta1.Resource("clusterpolicyreport"), name)
+	}
+	return obj.(*v1beta1.ClusterPolicyReport), nil
+}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go
new file mode 100644
index 0000000..a1ac28d
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/expansion_generated.go
@@ -0,0 +1,30 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ClusterPolicyReportListerExpansion allows custom methods to be added to
+// ClusterPolicyReportLister.
+type ClusterPolicyReportListerExpansion interface{}
+
+// PolicyReportListerExpansion allows custom methods to be added to
+// PolicyReportLister.
+type PolicyReportListerExpansion interface{}
+
+// PolicyReportNamespaceListerExpansion allows custom methods to be added to
+// PolicyReportNamespaceLister.
+type PolicyReportNamespaceListerExpansion interface{}
diff --git a/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go
new file mode 100644
index 0000000..043aba0
--- /dev/null
+++ b/policy-report/pkg/client/listers/wgpolicyk8s.io/v1beta1/policyreport.go
@@ -0,0 +1,98 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+	v1beta1 "sigs.k8s.io/wg-policy-prototypes/policy-report/apis/wgpolicyk8s.io/v1beta1"
+)
+
+// PolicyReportLister helps list PolicyReports.
+// All objects returned here must be treated as read-only.
+type PolicyReportLister interface {
+	// List lists all PolicyReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error)
+	// PolicyReports returns an object that can list and get PolicyReports.
+	PolicyReports(namespace string) PolicyReportNamespaceLister
+	PolicyReportListerExpansion
+}
+
+// policyReportLister implements the PolicyReportLister interface.
+type policyReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewPolicyReportLister returns a new PolicyReportLister.
+func NewPolicyReportLister(indexer cache.Indexer) PolicyReportLister {
+	return &policyReportLister{indexer: indexer}
+}
+
+// List lists all PolicyReports in the indexer.
+func (s *policyReportLister) List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta1.PolicyReport))
+	})
+	return ret, err
+}
+
+// PolicyReports returns an object that can list and get PolicyReports.
+func (s *policyReportLister) PolicyReports(namespace string) PolicyReportNamespaceLister {
+	return policyReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// PolicyReportNamespaceLister helps list and get PolicyReports.
+// All objects returned here must be treated as read-only.
+type PolicyReportNamespaceLister interface {
+	// List lists all PolicyReports in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error)
+	// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1beta1.PolicyReport, error)
+	PolicyReportNamespaceListerExpansion
+}
+
+// policyReportNamespaceLister implements the PolicyReportNamespaceLister
+// interface.
+type policyReportNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all PolicyReports in the indexer for a given namespace.
+func (s policyReportNamespaceLister) List(selector labels.Selector) (ret []*v1beta1.PolicyReport, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta1.PolicyReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the PolicyReport from the indexer for a given namespace and name.
+func (s policyReportNamespaceLister) Get(name string) (*v1beta1.PolicyReport, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta1.Resource("policyreport"), name)
+	}
+	return obj.(*v1beta1.PolicyReport), nil
+}
diff --git a/policy-report/samples/sample-cis-k8s.yaml b/policy-report/samples/sample-cis-k8s.yaml
new file mode 100644
index 0000000..0c5e4ba
--- /dev/null
+++ b/policy-report/samples/sample-cis-k8s.yaml
@@ -0,0 +1,37 @@
+apiVersion: reports.x-k8s.io/v1beta2
+kind: Report
+metadata:
+  name: sample-cis-bench-api-server
+  annotations:
+    name: CIS Kubernetes Benchmarks
+    category: API Server
+    version: v1.5.1 - 02-14-2020
+source: kube-bench-adapter
+summary:
+  pass: 8
+  fail: 2
+  warn: 0
+  error: 0
+  skip: 0
+results:
+  - policy: api-server:anonymous-auth
+    message: ensure that --anonymous-auth argument is set to false
+    result: warn
+    scored: true
+    properties:
+      category: API Server
+      index: 1.2.2
+  - policy: api-server:basic-auth-file
+    message: ensure that --basic-auth-file argument is not set
+    result: fail
+    scored: true
+    properties:
+      category: API Server
+      index: 1.2.2
+  - policy: api-server:token-auth-file
+    message: ensure that --token-auth-file argument is not set
+    result: warn
+    scored: false
+    properties:
+      category: API Server
+      index: 1.2.2
diff --git a/policy-report/samples/sample-co.yaml b/policy-report/samples/sample-co.yaml
new file mode 100644
index 0000000..725e054
--- /dev/null
+++ b/policy-report/samples/sample-co.yaml
@@ -0,0 +1,39 @@
+apiVersion: wgpolicyk8s.io/v1alpha2
+kind: PolicyReport
+metadata:
+  name: sample-fedramp-compliance-operator
+  labels:
+    policy.kubernetes.io/engine: openshift-compliance-operator
+  annotations:
+    name: FedRAMP Moderate Benchmarks
+    category: OCP4 CoreOS
+    file: ssg-ocp4-ds.xml
+    version: v1.5.1 - 02-14-2020
+summary:
+  pass: 8
+  fail: 1
+  warn: 1
+  error: 0
+  skip: 0
+results:
+  - policy: xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open
+    message: |-
+      Record Events that Modify User/Group Information via open syscall - /etc/group
+      Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system.
+      Auditing these events could serve as evidence of potential system compromise.
+    result: fail
+    scored: true
+    severity: medium
+    properties:
+      suite: fedramp-moderate
+      scan: workers-scan
+  - policy: xccdf_org.ssgproject.content_rule_sshd_limit_user_access
+    message: |-
+      Limit Users' SSH Access
+      Specifying which accounts are allowed SSH access into the system reduces the
+      possibility of unauthorized access to the system.
+    result: warn
+    scored: false
+    properties:
+      suite: fedramp-moderate
+      scan: workers-scan
diff --git a/policy-report/samples/sample-falco-policy.yaml b/policy-report/samples/sample-falco-policy.yaml
new file mode 100644
index 0000000..3992906
--- /dev/null
+++ b/policy-report/samples/sample-falco-policy.yaml
@@ -0,0 +1,47 @@
+apiVersion: wgpolicyk8s.io/v1alpha2
+kind: PolicyReport
+metadata:
+  name: falco-alerts-policy
+  namespace: my-namespace
+  labels:
+    policy.kubernetes.io/engine: falco-agent
+summary:
+  fail: 1
+results:
+- policy: "Change thread namespace"
+  message: "Falco alert created due to the Change thread namespace rule"
+  result: fail
+  scored: false
+  resources:
+    - apiVersion: v1
+      kind: Pod
+      name: a-pod
+      namespace: my-namespace
+  properties:
+    details: '12:57:37.086240437: Notice Namespace change (setns) by unexpected program (user=root user_loginuid=-1 command=ovnkube --init-node ...'
+    container.id: "0f8d7e2a3296"
+    evt.arg.path: "/bin/directory-created-by-event-generator"
+    proc.cmdline: "event-generator run --loop ^syscall"
+    severity: low
+---
+apiVersion: wgpolicyk8s.io/v1alpha2
+kind: ClusterPolicyReport
+metadata:
+  name: falco-alerts-policy
+  labels:
+    policy.kubernetes.io/engine: falco-agent
+summary:
+  fail: 1
+results:
+- policy: audit
+  message: "audit rule violation from the kubernetes api server"
+  result: fail
+  scored: false
+  properties:
+    details: 'Warning K8s Operation performed by user not in allowed list of users'
+    severity: medium
+    user: username
+    target: kubernetes/endpoints
+    verb: create
+    uri: '/api/v1/namespaces/default/endpoints/kubernetes'
+    resp: '200'
diff --git a/policy-report/samples/sample-rhacm-policy.yaml b/policy-report/samples/sample-rhacm-policy.yaml
new file mode 100644
index 0000000..2db9d0e
--- /dev/null
+++ b/policy-report/samples/sample-rhacm-policy.yaml
@@ -0,0 +1,30 @@
+apiVersion: wgpolicyk8s.io/v1alpha2
+kind: PolicyReport
+metadata:
+  name: sample-rhacm-policy
+  labels:
+    policy.kubernetes.io/engine: rhacm-configuration-policy
+scope:
+  apiVersion: policy.open-cluster-management.io/v1
+  kind: Policy
+  name: policy-imagemanifestvuln
+  namespace: cluster1
+summary:
+  pass: 1
+  fail: 11
+results:
+- policy: mustnothaveimagevuln
+  message: must not have imagemanifestvulns
+  result: fail
+  scored: false
+  resources:
+    - apiVersion: secscan.quay.redhat.com/v1alpha1
+      kind: ImageManifestVuln
+      name: sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0
+      namespace: openshift-cluster-version
+  properties:
+    details: 'NonCompliant; violation - imagemanifestvulns exist and should be deleted: [sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0] in namespace openshift-cluster-version'
+    standards: NIST-CSF
+    categories: 'DE.CM Security Continuous Monitoring'
+    controls: 'DE.CM-8 Vulnerability scans'
+    severity: high
\ No newline at end of file
diff --git a/policy-report/samples/sample-v1beta1-kyverno.yaml b/policy-report/samples/sample-v1beta1-kyverno.yaml
new file mode 100644
index 0000000..c48681f
--- /dev/null
+++ b/policy-report/samples/sample-v1beta1-kyverno.yaml
@@ -0,0 +1,38 @@
+apiVersion: wgpolicyk8s.io/v1beta1
+kind: PolicyReport
+metadata:
+  name: sample-v1beta1-cr
+  annotations:
+    name: Sample CR
+configuration:
+  limits:
+    maxResults: 100
+    statusFilter:
+      - pass
+      - fail
+      - skip
+source: kyverno
+summary:
+  pass: 1
+  fail: 0
+  warn: 0
+  error: 0
+  skip: 0
+results:
+  - category: Pod Security Standards (Baseline)
+    message: validation rule 'adding-capabilities' passed.
+    policy: disallow-capabilities
+    resources:
+    - apiVersion: v1
+      kind: Pod
+      name: kyverno-6d88f6dcdd-k6bc5
+      namespace: nirmata
+      uid: 3407b31a-b0bb-4716-a443-f4aa15662ef2
+    result: pass
+    rule: adding-capabilities
+    scored: true
+    severity: medium
+    source: kyverno
+    timestamp:
+      nanos: 0
+      seconds: 1679565894
diff --git a/policy-report/samples/sample-v1beta2-kyverno.yaml b/policy-report/samples/sample-v1beta2-kyverno.yaml
new file mode 100644
index 0000000..2cc3783
--- /dev/null
+++ b/policy-report/samples/sample-v1beta2-kyverno.yaml
@@ -0,0 +1,38 @@
+apiVersion: reports.x-k8s.io/v1beta1
+kind: PolicyReport
+metadata:
+  name: sample-v1beta2-cr
+  annotations:
+    name: Sample CR
+configuration:
+  limits:
+    maxResults: 100
+    statusFilter:
+      - pass
+      - fail
+      - skip
+source: kyverno
+summary:
+  pass: 1
+  fail: 0
+  warn: 0
+  error: 0
+  skip: 0
+results:
+  - category: Pod Security Standards (Baseline)
+    message: validation rule 'adding-capabilities' passed.
+    policy: disallow-capabilities
+    resources:
+    - apiVersion: v1
+      kind: Pod
+      name: kyverno-6d88f6dcdd-k6bc5
+      namespace: nirmata
+      uid: 3407b31a-b0bb-4716-a443-f4aa15662ef2
+    result: pass
+    rule: adding-capabilities
+    scored: true
+    severity: medium
+    source: kyverno
+    timestamp:
+      nanos: 0
+      seconds: 1679565894