Cosign vs Kyverno

Kyverno

https://kyverno.io/docs/installation/methods/

kyverno is a cloud native policy engine. It was originally built for Kubernetes and now can also be used outside of Kubernetes clusters as a unified policy language .

Some of its many features include:

  • policies as YAML-based declarative Kubernetes resources with no new language to learn!
  • enforce policies as a Kubernetes admission controller, CLI-based scanner, and at runtime
  • validate, mutate, generate, or cleanup (remove) any Kubernetes resource
  • verify container images and metadata for software supply chain security
  • policies for any JSON payload including Terraform resources, cloud resources, and service authorization
  • policy reporting using the open reporting format from the CNCF Policy WG
  • flexible policy exception management
  • tooling for comprehensive unit and e2e testing of policies
  • management of policies as code resources using familiar tools like git and kustomize

Leave a comment