Go module

github.com/kyverno/kyverno

v1.14.1

Default version

Published

April 30, 2025

Links

Origin: https://pkg.go.dev/github.com/kyverno/kyverno@v1.14.1
Repo: https://github.com/kyverno/kyverno

Projects

kyverno/kyverno

GitHub

Cloud Native Policy Management

994 forks

6k stars

OpenSSF scorecard

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

View information about checks and how to fix failures.

Score

8/10

Scorecard as of April 21, 2025.

Code-Review

10/10

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

Reasoning

all changesets reviewed

Maintained

10/10

Determines if the project is "actively maintained".

Reasoning

30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10

Security-Policy

9/10

Determines if the project has published a security policy.

Reasoning

security policy file detected

Dangerous-Workflow

10/10

Determines if the project's GitHub Action workflows avoid dangerous patterns.

Reasoning

no dangerous workflow patterns detected

License

10/10

Determines if the project has defined a license.

Reasoning

license file detected

CII-Best-Practices

5/10

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

Reasoning

badge detected: Passing

Fuzzing

10/10

Determines if the project uses fuzzing.

Reasoning

project is fuzzed

Token-Permissions

0/10

Determines if the project's workflows follow the principle of least privilege.

Reasoning

detected GitHub workflow tokens with excessive permissions

Signed-Releases

8/10

Determines if the project cryptographically signs release artifacts.

Reasoning

5 out of the last 5 releases have a total of 5 signed artifacts.

Binary-Artifacts

10/10

Determines if the project has generated executable (binary) artifacts in the source repository.

Reasoning

no binaries found in the repo

Pinned-Dependencies

9/10

Determines if the project has declared and pinned the dependencies of its build process.

Reasoning

dependency not pinned by hash detected -- score normalized to 9

SAST

0/10

Determines if the project uses static code analysis.

Reasoning

SAST tool is not run on all commits -- score normalized to 0

Project metadata as of May 4, 2025.

This site uses cookies from Google to deliver its services and to analyze traffic.

Token-Permissions

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:156

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:383

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:919

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:973

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:279

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:678

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:96

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:406

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:116

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:136

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:236

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:363

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:426

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:196

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:343

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:468

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:511

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:638

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:259

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:446

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:575

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:615

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:699

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:868

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:299

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:322

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:491

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:534

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:658

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:1049

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:176

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:216

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:555

Info: jobLevel 'packages' permission set to 'read': .github/workflows/conformance.yaml:595

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/helm-release.yaml:53

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/helm-release.yaml:54

Info: jobLevel 'actions' permission set to 'read': .github/workflows/images-publish.yaml:167

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:166

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:181

Info: jobLevel 'actions' permission set to 'read': .github/workflows/images-publish.yaml:182

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:196

Info: jobLevel 'actions' permission set to 'read': .github/workflows/images-publish.yaml:197

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:211

Info: jobLevel 'actions' permission set to 'read': .github/workflows/images-publish.yaml:212

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:226

Info: jobLevel 'actions' permission set to 'read': .github/workflows/images-publish.yaml:227

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:21

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/images-publish.yaml:151

Info: jobLevel 'actions' permission set to 'read': .github/workflows/images-publish.yaml:152

Info: jobLevel 'packages' permission set to 'read': .github/workflows/load-testing.yml:68

Info: jobLevel 'packages' permission set to 'read': .github/workflows/load-testing.yml:150

Info: jobLevel 'packages' permission set to 'read': .github/workflows/load-testing.yml:239

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:161

Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yaml:162

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:191

Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yaml:192

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:206

Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yaml:207

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:221

Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yaml:222

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yaml:236

Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yaml:272

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:274

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:16

Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yaml:147

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:146

Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yaml:176

Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yaml:177

Info: found token with 'none' permissions: .github/workflows/check-actions.yaml:1

Info: found token with 'none' permissions: .github/workflows/check-milestone-label.yaml:1

Warn: no topLevel permission defined: .github/workflows/clean-stale-branches.yaml:1

Info: found token with 'none' permissions: .github/workflows/cli.yaml:1

Info: found token with 'none' permissions: .github/workflows/codecov.yaml:1

Info: found token with 'none' permissions: .github/workflows/comment-commands.yaml:1

Info: found token with 'none' permissions: .github/workflows/conformance.yaml:1

Info: found token with 'none' permissions: .github/workflows/devcontainer-build.yaml:1

Info: found token with 'none' permissions: .github/workflows/fossa.yml:1

Info: found token with 'none' permissions: .github/workflows/helm-release.yaml:1

Info: found token with 'none' permissions: .github/workflows/helm-test.yaml:1

Info: found token with 'none' permissions: .github/workflows/images-build.yaml:1

Info: found token with 'none' permissions: .github/workflows/images-publish.yaml:1

Info: found token with 'none' permissions: .github/workflows/lint.yaml:1

Info: found token with 'none' permissions: .github/workflows/load-testing.yml:1

Info: found token with 'none' permissions: .github/workflows/nancy.yaml:1

Info: found token with 'none' permissions: .github/workflows/pr-update.yaml:1

Info: found token with 'none' permissions: .github/workflows/release.yaml:1

Info: found token with 'none' permissions: .github/workflows/report-on-vulnerabilities.yaml:1

Info: found token with 'none' permissions: .github/workflows/scorecard.yaml:1

Info: found token with 'none' permissions: .github/workflows/sonarcloud.yaml:1

Info: found token with 'none' permissions: .github/workflows/tests.yaml:1

Info: found token with 'none' permissions: .github/workflows/verify-codegen.yaml:1