Kubernetes-native policy management
Policies are managed as Kubernetes resources
Cluster-wide or namespaced policies
Kyverno manages community policies
These policies are searchable
Require specific labels on resources
Allowlist for image registries
Require attestations of security scans
Keyless image signatures using Sigstore
Kyverno for the Pod Security Standards
Kyverno for testing keyless image signatures
See here for demos