Unified Policy Observability. Monitoring and Observability Tool for the PolicyReport CRD with an optional UI.

Policy Reporter was created to make the results of your Kyverno validation policies more visible and observable. By default, Kyverno provides the option to create your validation policies in audit or enforce mode. While enforce blocks to applying a manifests that violate the given policy, audit creates PolicyReports that provide information about all resources that pass or fail your policies. Because Policy Reports are simple Custom Resource Definitions you can access them with kubectl get/describe.

• Policy Reporter @ GitHub. -Policy Reporter UI @ GitHub.

Cedar is a language for defining permissions as policies, and a specification for evaluating those policies. Use Cedar to define who is authorized to do what within your application. Cedar is open source.

• Cedar @ GitHub.

Related contents:

• Cedar: A New Approach to Policy Management for Kubernetes @ Cloud Native computing foundation.

IAM Least Privilege Policy Generator.

Policy Sentry is an AWS IAM Least Privilege Policy Generator, auditor, and analysis database. It compiles database tables based on the AWS IAM Documentation on Actions, Resources, and Condition Keys and leverages that data to create least-privilege IAM policies.

• Policy Sentry @ GitHub.

Policy-based control for cloud native environments. Flexible, fine-grained control for administrators across the stack.

Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

• Open Policy Agent @ GitHub.

Related contents:

• Guardrails for Your Cloud: A Simple Guide to OPA and Terraform @ Sami Banerjee's Medium.
• Getting Open Policy Agent Up and Running @ The New Stack.
• Simplify Kubernetes Security With Kyverno and OPA Gatekeeper @ The New Stack.
• Automating policy enforcements for infrastructure using Open Policy Agent (OPA) in Terraform — Part 1 @ Ashay Maheshwari's Medium.

Kubernetes Native Policy Management.

Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

• Kyverno @ GitHub.

Related contents:

• Vos politiques de conformité sur Kubernetes avec Kyverno @ Zwindler's Reflection :fr:.
• Understanding Kyverno: Enhancing Kubernetes Security with Policy Enforcement @ Jyothi Ram's blog.
• Using the Kyverno CLI to Write Policy Test Cases @ The New Stack.
• Simplify Kubernetes Security With Kyverno and OPA Gatekeeper @ The New Stack.
• Announcing Kyverno Release 1.15! @ CNCF.